Image Causes Exploitable Overflow in Microsoft Products
Adespoton writes "Core Security researchers discovered that by selecting a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer. Through this, it is possible to covertly take over machines running instant messaging software. Windows Messenger and Windows Media Player are also affected by this vulnerability. The story is also available at Newsfactor.com and SearchSecurity.com."
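The blurb describes a crafted image that overflows a buffer in the receiving client's image decoder. The following is an added example (not code from the story, Core Security or Microsoft) of the kind of defensive pre-check a client can run on a display picture before handing it to a PNG decoder: it walks the chunk list without decoding pixels and flags declared lengths that exceed the bytes actually present, CRC mismatches and implausible IHDR dimensions. The 16384-pixel cap and the malformed sample are assumptions constructed for the demonstration, not a reproduction of the reported flaw.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_DIM = 1 << 14  # assumed sanity cap for width/height (16384 px per side)

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample: an 8-bit greyscale PNG whose every row is zero bytes."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = (b"\x00" + b"\x00" * width) * height  # filter byte + pixels per row
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def oversize_first_chunk(buf: bytes) -> bytes:
    """Constructed malformed sample: IHDR length field rewritten to 0xFFFFFFFF,
    far more than the file holds. A naive parser that trusts it reads past the buffer."""
    return buf[:8] + b"\xff\xff\xff\xff" + buf[12:]

def check_png(buf: bytes) -> list:
    """Walk the chunk list without decoding pixels; return findings (empty list = looks sane)."""
    findings = []
    if buf[:8] != PNG_SIG:
        return ["bad signature"]
    pos, first = 8, True
    while pos < len(buf):
        if pos + 12 > len(buf):  # need length + type + CRC at minimum
            findings.append(f"truncated chunk header at offset {pos}")
            break
        length = struct.unpack(">I", buf[pos:pos + 4])[0]
        ctype = buf[pos + 4:pos + 8]
        remaining = len(buf) - pos - 12
        if length > remaining:  # the classic overflow precondition: trust the declared length
            findings.append(f"{ctype!r} declares {length} bytes but only {remaining} remain")
            break
        data = buf[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", buf[pos + 8 + length:pos + 12 + length])[0]
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            findings.append(f"{ctype!r} CRC mismatch")
        if first:  # the first chunk must be a 13-byte IHDR with sane dimensions
            if ctype != b"IHDR" or length != 13:
                findings.append("first chunk is not a 13-byte IHDR")
            else:
                w, h = struct.unpack(">II", data[:8])
                if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
                    findings.append(f"IHDR dimensions {w}x{h} outside sane range")
            first = False
        pos += 12 + length
        if ctype == b"IEND":
            break
    return findings
```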
Microsoft's loss is my GAIM.
ha.
I think I heard of this method of attack in a security book I read once. Where the image of an avatar's identification turned out to be a computer-infecting virus. Oh, wait, it was a novel. "Snow Crash" by Neal Stephenson.
By spreading to everyone in your buddy list, a worm based on this exploit could infect 90% of the world in a couple hours.
I'm doing my part. I don't have any friends.
Is this one at all related to the previous image library flaws (the vulnerability for which the GDI detection tool was released to identify any Windows apps that were affected)?
Oh, wait, I think I found it! A patch was released for PNG processing flaws on Tuesday this week; among the affected software: Microsoft MSN Messenger.
The image that triggers it is an inverted picture of Bill Gates playing cards with Sadam, Satan, and Celine Dion.
They've said that PNG stands for "Proprietary Network Graphics". In fact, this is very wrong - it's not proprietary at all. The idea of the format is that it _ISN'T_ proprietary - it's free as in speech, free as in beer, free as in patents.
PNG really stands for Portable Network Graphics. And I hope that people don't get confused and start blaming the PNG file format for a bug that is MS's fault.
Perhaps one should take note that this overflow bug is not in MS code, but in the open-source LibPNG, which MS used.
And it's also included in most Linux distros.
If MS is to blame, it's for their lousy reaction speed. This vulnerability has been known for months.
The Slashdot story blurb leaves out that this fix is already available. Certainly, if the fix hadn't already been made available you could count on that tidbit being mentioned....
.....is already out.
This space intentionally left blank.
a friend of mine used to work for MS on a version of IE... one bug they were trying to track down involved jpg (or was it gif) images of a certain--very large--dimension that could in some circumstances cause boot-block overwrite on the boot drive as it was being cached... (this was a few years back...)
when this bug was being discussed in a meeting, the first thing that was said was something to the effect of "oh, and if you tell anybody--anybody--about this, you might as well look for a new job at the same time, and a good lawyer."
of course, this was a few years ago, and from what i understand it was fixed right away, but still...
m-
You catch enchiladas by picking them up behind the head and holding them underwater until they don't kick anymore -VeGas
You have to manually call the uninstall section of the MSN Messenger INF file.. I've done it so many times I type it from memory..
go to start>run, and type . Make sure MSN Messenger is closed first so it won't error when it unregisters the dll files