MSN Messenger vulnerable to 'highly critical' webcam flaw

Exploit code for a "highly critical" vulnerability in MSN Messenger has been posted to a Chinese-language forum, prompting Microsoft to urge all users to immediately migrate to Windows Live Messenger 8.1.

The exploit, available here, is caused by an error in the handling of video conversations and can be exploited to cause a heap-based buffer overflow via specially crafted data sent to a user.

Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation.

"This is under investigation," a Microsoft spokesman said.

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue," he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

View: ZDNet

Report a problem with article
Previous Story

YouTube seals UK music royalty deal

Next Story

Laptop theft exposes data of 106,000 US taxpayers

10 Comments

Commenting is disabled on this article.

I think 8.1 has been out for a few months now so I'd have thought most people would have that version installed anyway.

Apart from being on Win98/2000, I don't really see a reason not to upgrade... I'm using the 8.5 beta and finding it very good compared to the earlier versions... (After the Mess Patch, obviously.)