NO. 20050214
 
MSN Messenger PNG Image Buffer Overflow Exploit (MS05-009)

Overview:
 
Microsoft MSN Messenger exists a vulnerability that will result in arbitrary code execution on the victim's system.

Release Date: 2005-02-14
 
Systems Affected :
 
Microsoft Windows 2000 (All Service Pack) and
Microsoft Windows XP (All Service Pack) that run MSN Messenger 6.1 and 6.2 clients. 
 
Impact: 
 
Arbitrary codes may be executed on the victimized MSN Messenger users' system.  
 
Description:
 
This exploit will create a PNG (Portable Network Graphics) file, which triggers buffer overflow existing in libpng when the MSN Messenger renders and displays the malicious PNG file. To protcet users from this attack, Microsoft has required MSN users to update the MSN Messenger when they try to login MSN network. MSN users will fail to login to MSN network if they do not update their MSN Messengers.   

In short, MSN users do not need to worry about this exploit!

(BSST, Broadweb Security Service Team)

Copyright © BroadWeb Corporation All rights reserved. [Contact Us]
BSST,Broadweb Security Service Team