Shoutbox

Security Flaw? - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: Security Flaw? (/showthread.php?tid=43943)

Security Flaw? by Yousef on 05-01-2005 at 09:40 AM

Hey there!
When I just took a look at my pc a lot of convo's were opened (including a mass-convo). Then I got this error:

quote:
---------------------------
Microsoft Visual C++ Runtime Library
---------------------------
Buffer overrun detected!

Program: C:\Program Files\MSN Messenger\msnmsgr.exe

A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.

---------------------------
OK   
---------------------------

Is this a known bug? I know buffer overruns can be quite dangerous, they're used in many hack-exploits etc.
RE: Security Flaw? by absorbation on 05-01-2005 at 09:42 AM

It just happened to me in the same conversation using to much process memory i think :P


RE: Security Flaw? by Anubis on 05-01-2005 at 10:10 AM

Yeah, I'd put it down to the processor having trouble rendering a lot of Visual C++ programs at once, and just a random crash. This can happen in MSN Messenger if you are running a lot of process heavy applications or if it is under a lot of extreme process requirements. The odds of it being a hacking attempt are not even worth worrying about in this case.

To protect against this happening you could try downloading a recent BETA from Microsoft for the Visual C++ Runtime Package, it seems to be a very stable BETA and updated to be more resistant to these bugs. Click here to download. Just be careful to get the correct one for your version of Windows, it is explained there. Please note it is a BETA, so it could easily cause bugs that aren’t fully known about. Also it may not fully stop this problem from happening; it could be fully to do with the hardware in your computer, and its ability to process information.


RE: Security Flaw? by Yousef on 05-01-2005 at 10:46 AM

quote:
Originally posted by Anubis
if you are running a lot of process heavy applications
Nah...
quote:
Originally posted by Anubis
it could be fully to do with the hardware in your computer, and its ability to process information.
Yeah, I guess that'll be the problem ;)

Thanks for your reply, so I don't need to worry about anything.
RE: Security Flaw? by absorbation on 05-01-2005 at 10:50 AM

quote:
Originally posted by Juzzi
Thanks for your reply, so I don't need to worry about anything.

Not at all i had the same error in the same conversation because that one convo used alot of process memory :P
RE: Security Flaw? by emameme on 02-18-2006 at 04:05 PM

Hi I have his problem, but in the link that you post for download the Visual C++ Runtime Package there are 3 object to download:

vcredist_IA64.exe

vcredist_x64.exe

vcredist_x86.exe

How I must download? I have windows xp professional sp2. thank you


RE: Security Flaw? by ShawnZ on 02-18-2006 at 04:11 PM

quote:
Originally posted by emameme
Hi I have his problem, but in the link that you post for download the Visual C++ Runtime Package there are 3 object to download:

vcredist_IA64.exe

vcredist_x64.exe

vcredist_x86.exe

How I must download? I have windows xp professional sp2. thank you

You download those if it doesn't run, not if it crashes (but its the x86 one if you want to try it anyway)

RE: Security Flaw? by emameme on 02-18-2006 at 04:15 PM

My doesn't crashes but it terminated immediatly.
I have downloaded x86 but the installation ask me:

where you want to place the exstracted files?

I put    windows\system    or     windows\system 32  ??

thank you


RE: Security Flaw? by ShawnZ on 02-18-2006 at 04:31 PM

neither, place them anywhere

edit: actually, i think it goes in system32.


RE: Security Flaw? by emameme on 02-18-2006 at 04:36 PM

Now I have installed the program but the problem persist.
I have 51 process in windows, but I have 1Gb ram.
what is the problem???


RE: Security Flaw? by Dempsey on 02-18-2006 at 04:41 PM

AFAIK a buffer overflow error has nothing to do with hardware or amount of programs running etc.  It just normally when a variable is set with more data that it can hold.  Although I may be wrong....

EDIT:

quote:
Originally posted by Wikipedia
In computer security and programming, a buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store more data in a buffer than there is memory allocated for it. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.

Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by specific inputs which may be designed to execute arbitrary, possibly malicious, code, or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities. Sufficient bounds checking by either the programmer or the compiler, can prevent buffer overflows.

RE: Security Flaw? by emameme on 02-18-2006 at 04:47 PM

ok, but how I can resolv this problem? I can resolv this problem or not? if i can how? Thank you.


RE: RE: Security Flaw? by CookieRevised on 02-18-2006 at 05:29 PM

quote:
Originally posted by Dempsey
AFAIK a buffer overflow error has nothing to do with hardware or amount of programs running etc.  It just normally when a variable is set with more data that it can hold.  Although I may be wrong....
Absolutely correct

You can have a buffer overrun on the smallest of applications on the biggest of computers or vice versa. Hardware, etc have nothing todo with this (directly), it is a "simple" programming bug.

quote:
Originally posted by emameme
ok, but how I can resolv this problem? I can resolv this problem or not? if i can how? Thank you.
File it as a bug report to MSN:
http://messenger.msn.com/help/contactus.aspx

----

(note that with that same extremely immature and fucking inresponsible mass group convo, I had no buffer overflow when I was added by some extremely immature and fucking inresponsible person; sorry for the cursing, but such things really piss me off and IMO that fucking little twat should be banned from participating into anything)
RE: Security Flaw? by ShawnZ on 02-18-2006 at 05:53 PM

quote:
Originally posted by CookieRevised
(note that with that same extremely immature and fucking inresponsible mass group convo, I had no buffer overflow when I was added by some extremely immature and fucking inresponsible person; sorry for the cursing, but such things really piss me off and IMO that fucking little twat should be banned from participating into anything)

(you mean that same extremely immature and fucking inresponsible group convo that happened nine months ago?)
RE: RE: Security Flaw? by CookieRevised on 02-18-2006 at 06:27 PM

quote:
Originally posted by ShawnZ
quote:
Originally posted by CookieRevised
(note that with that same extremely immature and fucking inresponsible mass group convo, I had no buffer overflow when I was added by some extremely immature and fucking inresponsible person; sorry for the cursing, but such things really piss me off and IMO that fucking little twat should be banned from participating into anything)

(you mean that same extremely immature and fucking inresponsible group convo that happened nine months ago?)

No I mean that stupid group convo that happened yesterday and was triggered by guess who, smartass...