Chill-Out
26-09-2007, 10:47
Source: SecurityFocus
http://www.securityfocus.com/bid/25795
Windows Live Messenger malformed file overflow DoS remote exploitation.
Windows Live Messenger malformed file overflow remote exploitation.
(Windows ole32.dll MS07-024) (Windows GDI MS07-046)
Vendor URL: http://www.microsoft.com/ , http://get.live.com/messenger/overview
Advisory: http://lostmon.blogspot.com/2007/09/windows-live-messenger-jpg-overflow.html
Vendor notified: YES. Vendor confirmed: YES (DoS issue). Exploitation included: YES
A buffer overflow exists in Windows MSN Live. The GDI engine fails
to represent malformed data in image files, resulting in a buffer
overflow. With a specially crafted jpg, wmf, gif, doc or ico file,
an attacker can cause arbitrary code execution
(not sure about RCE) or a DoS resulting in a loss of integrity.
After installing the patch for a vulnerability in Windows GDI
(MS07-046), I made several probes with some malformed image files
(jpg, gif, wmf, ico, doc) and I had the same result before installing
this patch and after installing it.
All of these versions and Windows MSN Live 8.1.
I don't know if other versions of Windows are vulnerable too,
but I think that all systems listed in the MS07-046 Microsoft
Bulletin are vulnerable.
Win XP Media Center version 2002 Service Pack 2
Win XP Pro
Win XP Home
No solution was available at this time, but
DON'T SHARE ANY FOLDER IN MSN UNTIL YOU
HAVE A SOLUTION OR PATCH!!!!!!
The vendor is planning to address this issue
in the next service pack.