Slashdot Mirror


Image Causes Exploitable Overflow in Microsoft Products

Em Adespoton writes "Core Security researchers discovered that by electing a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."

12 of 291 comments

  1. Where are the Cherubs? by Speare · · Score: 5, Interesting

    I think I heard of this method of attack in a security book I read once. Where the image of an avatar's identification turned out to be a computer-infecting virus. Oh, wait, it was a novel. "Snow Crash" by Neal Stephenson.

    --
    [ .sig file not found ]
    1. Re:Where are the Cherubs? by ultranova · · Score: 2, Interesting

      The images wouldn't only affect your computer, but your brain as well. I hope virus writers never figure that one out!

      Don't worry; after a lifetime of constant exposure to ads, it would take one hell of a picture virus to even make you sneeze :).

      Seriously: the purpose of ads is to reprogram our behaviour, either permanently or temporarily. They do this by exploiting various psychological weaknesses of human minds - such as the need to associate with (imitate) what is perceived as successful people, the need to take care of children (add a little kid to the ad and the viewer becomes far more vulnerable), the fear of growing old and unwillingness to give up youth, etc. These can certainly be classified as "unchecked input" bugs: they (try to) bypass rational thinking to make the viewer associate something positive with the product being advertised.

      Fortunately, the human brain has shown itself to be self-calibrating; after being deceived once or twice (or twenty times), it develops the firewall of cynicism. However, if we ever develop artificial intelligence, I truly feel sorry for any robots produced by Microsoft ;).

      So in short, don't worry about the picture-based brain viruses; they exist right now, are called ads, and human beings are capable of developing resistance against them.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. Question by Spy+der+Mann · · Score: 3, Interesting

    Is this why today my MSN asked me to upgrade to a new version? Or is the new version still vulnerable to this? I'm using version 6.2.0205

  3. Re:MS Security Chief Says Windows is Safer Than Li by Leknor · · Score: 2, Interesting

    Anyone ever done a study to determine the mean time between when MS claims their products are secure and when the next exploit is announced?

  4. Stupid question: by JayJay.br · · Score: 3, Interesting

    Looks like the problem is with PNG handling. Could it be then exploited through web pages? Or is it only the use those applications make of the format?

  5. End user ease of use... by BrynM · · Score: 2, Interesting

    Use Microsoft's simple instructions to remove messenger. Glad they made it so point-and-click for those end users!</sarcasm> They obfuscated it because Messenger is such an important part of the lock-i... er operating system. Never mind that editing your registry may void your tech support, destroy your install, burn your clothes, hit your dog. I guess I'll be getting more calls from my family if disabling Messenger gets recommended in the press. Whenever they see that "Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk." they ask me to fix it. I guess I should put together a .reg and a .vbs file for them now.

    --
    US Democracy: The best person for the job (among These pre-selected choices...)
  6. Re:but its more secure than linux! by TFGeditor · · Score: 4, Interesting

    But, have you ever tried to uninstall MS Messenger? http://www.theregister.co.uk/2002/04/02/windows_messenger_trojan_update/

    Those not blessed with geekiness cannot do it, so are stuck.

    --
    Ignorance is curable, stupid is forever.
  7. Re:Before anyone goes off bashing MS... by Nintendork · · Score: 4, Interesting

    I just verified this and you're right. Here's some info on the vulnerability.

    I wonder though why Microsoft didn't update to a newer version of libPNG when the vulnerability was addressed last August.

    -Lucas

  8. once upon a time... by ultramk · · Score: 5, Interesting

    a friend of mine used to work for MS on a version of IE... one bug they were trying to track down involved jpg (or was it gif) images of a certain--very large--dimension that could in some circumstances cause boot-block overwrite on the boot drive as it was being cached... (this was a few years back...)

    when this bug was being discussed in a meeting, the first thing that was said was something to the effect of "oh, and if you tell anybody--anybody--about this, you might as well look for a new job at the same time, and a good lawyer."

    of course, this was a few years ago, and from what i understand it was fixed right away, but still...

    m-

    --
    You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
  9. Removing MSN Messenger doesn't actually remove it by EnronHaliburton2004 · · Score: 4, Interesting

    So anyone else notice that if you remove MSN Messenger and Outlook Express via the Control Panel's "Add/Remove Programs", the programs aren't actually removed from "C:\Program Files\Messenger" and "C:\Program Files\Outlook Express" ?

    WindowsUpdate still asks you to install patches for Messenger and OE, even though they are supposedly "uninstalled".

    IE still sometimes shows a Messenger icon on one of the toolbars.

    I still occasionally find the MSN Messenger icon in the status tray, even though it is supposedly "uninstalled", and the users on my network aren't smart enough to run MSN Messenger from the commandline.

    What gives?

  10. Re:HAHAHAH GRABOULOUS! by Anonymous Coward · · Score: 1, Interesting

    I'd say Microsoft's use of FOSS led to the vulnerability being found.

    The untimely speed at which it was fixed is all their own work though.

  11. Re:but its more secure than linux! by jproudfo · · Score: 2, Interesting

    ...which was patched on Tuesday. IMHO, that qualifies as old news.