Following a severe flaw found in Yahoo Messenger
a couple of weeks ago, which involved a glitch in the webcam functionality of the IM client, researchers have found a similar hole
in Microsoft's MSN Messenger.
The flaw lies in MSN Messenger's video chat component found in versions 7.x and 6.x of the IM client and could allow an attacker to remotely execute code on a user's system. Security firm Secunia rated the vulnerability as 'highly critical', the second highest of its five alert levels. A Microsoft spokesperson stated:
"Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue. As a best practice, we always recommend running the most recent version of Windows Live Messenger for the latest security and reliability updates."
Proof-of-concept exploit for this vulnerability is publicly available online, a factor that makes launching an attack far more plausible. No fixes are currently available. However, users could address the flaw by upgrading to Windows Live Messenger 8.1 or later