Shoutbox

[Security Advisory] Webcam Vulnerability in MSN Messenger 6.x, 7.x, WLM 8.0 - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: [Security Advisory] Webcam Vulnerability in MSN Messenger 6.x, 7.x, WLM 8.0 (/showthread.php?tid=77111)

[Security Advisory] Webcam Vulnerability in MSN Messenger 6.x, 7.x, WLM 8.0 by Dane on 08-30-2007 at 10:18 AM

Windows Live Messenger; MSN Messenger vulnerable to a highly critical Webcam Flaw

Threat Level: High
Affected Versions: MSN Messenger 6.x, 7.x; Windows Live Messenger 8.0
Non-Affected Versions: Windows Live Messenger 8.1, Windows Live Messenger 8.5 Beta

MSN Messenger through 7.5 and Windows Live Messenger 8.0 are vulnerable to a recently posted attack that can allow a remote attacker to exploit the webcam function of both chat clients. By exploiting the function, the attacker can run arbitrary code and cause buffer overflows. User interaction is required for this exploit to work.

Prevention/Patches:
Microsoft has released Windows Live Messenger 8.1 which is not vulnerable to this attack. For users who are on systems that do not support Windows Live Messenger 8.1, Microsoft has currently not released a patch. To prevent this vulnerability, users of Windows Live Messenger 8.0 should upgrade immediately. Users who are unable to upgrade should immediately cease accepting webcam requests. Users of Messenger Plus! should disable the auto-accept webcam requests functionality.

To get alerted of threats such as this using Messenger Plus! Live, install the PSAS Script.  Information provided by PlusOne Security Alert Service.