Free Republic

MSN Logged on For Attacks
TechTree ^ | February 11, 2005 | Techtree News Staff

Posted on 02/11/2005 12:32:54 PM PST by zeugma

Core Security Technologies has published a vulnerability in Microsoft's MSN Messenger, an instant messaging program currently used by over 130 million people worldwide. A patch for this had been issued on Tuesday.

Core Security is a Boston, U.S.-based information security solutions company.

Core researchers discovered that by selecting a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer and covertly take over machines running instant messaging software.

The attack would travel through the established chat session and would pass unnoticed by firewalls, network intrusion detection systems and even host-based personal firewalls and antivirus software. According to the vendor, Windows Messenger and Windows Media Player are also affected by this vulnerability.

"This is a critical security flaw since it directly affects more than 130 million users and because the attack is very likely to go unnoticed by the several layers of security countermeasures commonly used today," said Ivan Arce, CTO at Core Security Technologies.

"Since initially reporting the flaw, we have been working closely with the vendor and we are pleased to see that a fix is now available."

The MSN Messenger protocol allows for the transmission of images between users during electronic conversations. The image format used to transfer those images is called Proprietary Network Graphics (PNG). When a user selects a picture to be displayed, Messenger converts it to the PNG format, with a fixed size and encoding characteristics. These images are then transmitted over the same communication channel used to exchange text messages. By sending a specially crafted PNG image, an attacker can trigger a buffer overflow and execute arbitrary code on the chat partner’s machine.

Systems running vulnerable MSN Messenger clients on Windows XP with Service Pack 2 installed are also exploitable.

The vulnerability is exploitable in MSN Messenger client software up to version 6 including binary files compiled with the Visual Studio GS stack overflow protection mechanism. MSN Messenger 7 (beta) clients are not vulnerable.

Exploitation of the vulnerability can be carried out through the same communications channel used by legitimate users for normal chat sessions, therefore it is very difficult to differentiate attacks from normal traffic.


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Miscellaneous
KEYWORDS: computer; computersecurity; defect; messenger; microsoft; msn
FYI for Microsoft Windows users.

Systems running vulnerable MSN Messenger clients on Windows XP with Service Pack 2 installed are also exploitable.

1 posted on 02/11/2005 12:32:55 PM PST by zeugma
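As an added illustration of the failure class the article describes (not code from Core Security, Microsoft or the original post): a receiver-side pre-check in C that walks an untrusted PNG's chunk list and rejects any declared length or image dimension larger than what is actually present or expected. `MAX_DIM`, `MAX_CHUNK`, the function names and the sample bytes are assumptions constructed for the example; the article does not say which field the crafted image abuses.

```c
#include <stdint.h>
#include <string.h>

#define MAX_DIM   256u            /* hypothetical cap on picture width/height */
#define MAX_CHUNK (64u * 1024u)   /* hypothetical cap on a single chunk */
enum png_check { PNG_OK, PNG_BAD_SIG, PNG_TRUNCATED, PNG_BAD_LEN, PNG_BAD_IHDR };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the chunk list of an untrusted PNG; CRCs are not verified here. */
enum png_check png_precheck(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t off = 8;
    int first = 1;
    if (len < 8 || memcmp(buf, sig, 8) != 0) return PNG_BAD_SIG;
    for (;;) {
        if (len - off < 12) return PNG_TRUNCATED;        /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > MAX_CHUNK) return PNG_BAD_LEN;
        if (clen > len - off - 12) return PNG_TRUNCATED; /* declared > present */
        if (first) {                                     /* IHDR must come first */
            if (memcmp(type, "IHDR", 4) != 0 || clen != 13) return PNG_BAD_IHDR;
            uint32_t w = be32(buf + off + 8), h = be32(buf + off + 12);
            if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return PNG_BAD_IHDR;
            first = 0;
        } else if (memcmp(type, "IEND", 4) == 0) {
            return clen == 0 ? PNG_OK : PNG_BAD_LEN;
        }
        off += 12 + (size_t)clen;
    }
}

/* Constructed sample: signature, IHDR (32x32), IEND; CRC bytes are zeros. */
static const uint8_t sample_ok[45] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 32, 0, 0, 0, 32, 8, 6, 0, 0, 0,
    0, 0, 0, 0,  0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0};

/* Re-run the check on a copy of the sample with one byte overwritten. */
enum png_check check_patched(size_t idx, uint8_t val) {
    uint8_t copy[sizeof sample_ok];
    memcpy(copy, sample_ok, sizeof copy);
    copy[idx] = val;
    return png_precheck(copy, sizeof copy);
}

int main(void) { return png_precheck(sample_ok, sizeof sample_ok) != PNG_OK; }
```

The point of the pattern is that every size taken from the image is compared against the bytes actually received before any buffer is sized or filled from it.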

To: zeugma

what do these companies that find the security flaws get?

There has to be a reason why they look for these things


2 posted on 02/11/2005 12:37:58 PM PST by tfecw (Vote Democrat, It's easier then working)

To: tfecw
what do these companies that find the security flaws get?

A lifetime free subscription to MSN, plus free copies of Internet Explorer.

3 posted on 02/11/2005 12:39:15 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)

To: zeugma

If I want to have a real time conversation with someone, I use the phone.


4 posted on 02/11/2005 12:40:50 PM PST by philetus (What goes around comes around)

To: zeugma
The image format used to transfer those images is called Proprietary Network Graphics (PNG)

HELLO ???

It stands for Portable Network Graphics

5 posted on 02/11/2005 12:41:16 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)

To: zeugma

Thanks for the info, I just updated.


6 posted on 02/11/2005 12:42:51 PM PST by sweetiepiezer ((((((((((((((MARINES))))))))))))))

To: Izzy Dunne

bookmark for later


7 posted on 02/11/2005 12:43:49 PM PST by I'm ALL Right! (Welcome to my addiction.)

To: zeugma
Referring to an earlier article(s) - "It's been a bad week for Firefox" - sarcasm
8 posted on 02/11/2005 12:51:45 PM PST by frogjerk

To: Izzy Dunne

"proprietary network graphics" - Thanks I didn't notice that. LOL.


9 posted on 02/11/2005 1:37:30 PM PST by zeugma (Come to the Dark Side...... We have cookies!)

To: zeugma

|\/|$|\| Insecurity Ping!


10 posted on 02/11/2005 1:38:53 PM PST by KoRn

To: ShadowAce

|\/|$|\| Insecurity Ping!


11 posted on 02/11/2005 1:39:18 PM PST by KoRn

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
Why is it that people claim that open source is inherently insecure because more bad guys are looking at it?

How many problems has Windows had just in 2005?

12 posted on 02/11/2005 3:08:57 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

As I've said in the past, there is absolutely no reason for XP Pro to install Messenger BY DEFAULT!!!

The amount of time I've wasted uninstalling that piece of software off of my desktops at work is unbelievable.

/rant


13 posted on 02/11/2005 4:14:31 PM PST by stylin_geek (Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)

To: ShadowAce

Good question, ain't it?

Putting a source code under lock and key doesn't mean squat.


14 posted on 02/11/2005 4:40:56 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: JoJo Gunn

This is the fast way to completely remove windows messenger from Windows XP. I don't think you can just delete all the files messenger uses because in XP, it is everywhere.

Use the "cut and paste" method below, 5 seconds and it's all gone (until Microsoft decides to reinstall it on you without you really knowing it when you get patches and security upgrades.)

-----
Removing Messenger from computers

Make sure your Internet Explorer, Outlook Express, Windows Messenger and other programs are closed before doing this.

1) Click on Start, Run
2) Type the following (or cut and paste it) into the Run line

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

3) Click on OK



15 posted on 02/11/2005 4:53:45 PM PST by JustDoItAlways

To: JustDoItAlways
That sounds like a good plan. I hear one of the problems that msm causes is that it makes the keyboard stick whenever you type the letter qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
16 posted on 02/11/2005 5:37:20 PM PST by expat_panama
