MSN MESSENGER LOGGED ON FOR ATTACKS
By Techtree News Staff

Core Security Technologies, has published a vulnerability in Microsoft's MSN Messenger, an instant messaging program currently used by over 130 million people worldwide. A patch for this had been issued on Tuesday.

Core Security is a Boston, U.S.-based information security solutions company.

Core researchers discovered that by selecting a specially-crafted graphic as the user's display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner's computer and covertly take over machines running instant messaging software.

The attack would travel through the established chat session and would pass unnoticed by firewalls, network intrusion detection systems and even host-based personal firewalls and antivirus software. According to the vendor, Windows Messenger and Windows Media Player are also affected by this vulnerability.

FOR THE REST OF THIS STORY VISIT:
http://www.techtree.com/techtree/jsp/showstory.jsp?storyid=57598