Slashdot Mirror


Image Causes Exploitable Overflow in Microsoft Products

Em Adespoton writes "Core Security researchers discovered that by electing a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

3 of 291 comments

  1. Isn't it worth mentioning by apoplectic · Score: 5, Insightful

    The Slashdot story blurb leaves out that this fix is already available. Certainly, if the fix hadn't already been made available you could count on that tidbit being mentioned....

  2. Re:once upon a time... by t_allardyce · Score: 4, Insightful

    He should have said 'oh, and if you pay me anything -- anything less than $300,000 for this fix, you might as well look for a new job too, and a good PR team to cover up the leak I spill.'

    --
    This comment does not represent the views or opinions of the user.
  3. Re:Already fixed by stinky wizzleteats · Score: 4, Insightful

    After RTFMing, this problem has been known since August of last year

    I RTFMed, too. Seems like vulnerability was fixed in August of last year by Gentoo, Red Hat, and Mandrake.

    Nothing compares MS security to that of the rest of the world better than seeing how they fix the same damn vulnerability. Let this be a lesson to you. Never astroturf with facts. A quality 'turf would have been to say: "Yes, but Linux has a history of at least three times as many security problems with PNG as Microsoft"