Bug Alert! MSN Messenger vulnerability discovered!

Question

Bug Alert! MSN Messenger vulnerability discovered!

Answer

This question was answered on May 10, 2002. Much of the information contained herein may have changed since posting.

Anyone using the Microsoft MSN Chat control, which is available for direct download and ships with MSN Messenger and Exchange Instant Messenger should be aware of a vulnerability that has been discovered.

The impact of this vulnerability is that an attacker could execute the code of his choice on your machine.

Microsoft recommends that users of MSN Chat should upgrade by visiting an MSN Chat site and downloading the new control. Customers using MSN Messenger and Exchange Instant Messenger should upgrade to the latest version.

The affected Software includes:

Microsoft MSN Chat Control

Microsoft MSN Messenger 4.5 and 4.6, which includes the MSN Chat control

Microsoft Exchange Instant Messenger 4.5 and 4.6, which includes the MSN Chat control

Download location for the patch:

>http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790</b>

Download location for updated version of MSN Chat control:

>http://chat.msn.com</b>

Download location for updated version of MSN Messenger with the corrected control:

<a href="http://messenger.msn.com/download/download.asp?client=1&update=1 " target="_blank">>http://messenger.msn.com/download/download.asp?client=1&update=1 </a>

Download location for updated version of Exchange Instant Messenger with the corrected control:

>http://www.microsoft.com/Exchange/downloads/2000/IMclient.asp</b>

Author

Posted by Ken of Data Doctors on May 10, 2002