Security flaw found in MSN Messenger video chat component

By on August 30, 2007, 1:07 PM
Following a severe flaw found in Yahoo Messenger a couple of weeks ago, which involved a glitch in the webcam functionality of the IM client, researchers have found a similar hole in Microsoft's MSN Messenger.

The flaw lies in MSN Messenger's video chat component found in versions 7.x and 6.x of the IM client and could allow an attacker to remotely execute code on a user's system. Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels. A Microsoft spokesperson stated:

"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue. As a best practice, we always recommend running the most recent version of Windows Live Messenger for the latest security and reliability updates."
Proof-of-concept exploit for this vulnerability is publicly available online, a factor that makes launching an attack far more plausible. No fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.