Windows Live Messenger; MSN Messenger vulnerable to a highly critical Webcam Flaw
Threat Level: High
Affected Versions: MSN Messenger 6.x, 7.x; Windows Live Messenger 8.0
Non-Affected Versions: Windows Live Messenger 8.1, Windows Live Messenger 8.5 Beta
MSN Messenger through 7.5 and Windows Live Messenger 8.0 are vulnerable to a recently posted attack that can allow a remote attacker to exploit the webcam function of both chat clients. By exploiting the function, the attacker can run arbitrary code and cause buffer overflows. User interaction is required for this exploit to work.
Prevention/Patches:
Microsoft has released
Windows Live Messenger 8.1 which is not vulnerable to this attack. For users who are on systems that do not support Windows Live Messenger 8.1, Microsoft has currently not released a patch. To prevent this vulnerability, users of Windows Live Messenger 8.0 should upgrade immediately. Users who are unable to upgrade should immediately cease accepting webcam requests. Users of Messenger Plus! should disable the auto-accept webcam requests functionality.
To get alerted of threats such as this using Messenger Plus! Live, install the PSAS Script. Information provided by PlusOne Security Alert Service.
/ 
