|
|||||||
|
|
|
 |
|
|
Strumenti |
26-09-2007, 10:47
|
#1 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
News - Nuova vulnerabilità in Microsoft Live Messenger
Fonte: SecurityFocus
http://www.securityfocus.com/bid/25795 Windows live Messenger malformed file overflow DoS remote exploitation. Windows live Messenger malformed file overflow remote exploitation. (windows ole32.dll ms07-024) (windows GDI MS07-046 ) vendor url: http://www.microsoft.com/ , http://get.live.com/messenger/overview Advisore: http://lostmon.blogspot.com/2007/09/ windows-live-messenger-jpg-overflow.html Vendor notify:YES Vendor Confirmed:yes(DoS issue) Explotation include:YES A buffer overflow exists in Windows MSN Live. The GDI engine fails to representate malformed data in image files resulting in a buffer overflow. With a specially crafted jpg or wmf or gif file or doc file or ico, an attacker can cause arbitrary code execution (not Shure RCE) or a DoS resulting in a loss of integrity. After install this patch for a vulnerability in windows GDI MS07-046 i make several probes with some malformed image files (jpj,gif,wmf,ico,doc) and i have the same result before i install this patch and after install it. All of this versions and Windows MSN live 8.1 I don´t know if other versions of windows are prone vulnerables too , but i think that is vulnerable all systems related in MS07-046 Microsoft Bulleting. win xp media Center version 2002 service pack 2 Win XP pro Win XP home No solution was available at this time, but DON´T SHARE ANY FOLDER IN MSN UTIL HAVE A SOLUTION OR PATCH !!!!!! The vendor planing address this issue in the next service pack.
__________________
Try again and you will be luckier.
Ultima modifica di Chill-Out : 26-09-2007 alle 11:04. |
|
|
|
26-09-2007, 10:58
|
#2 |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
grazie per la segnalazione
|
|
|
|
|
26-09-2007, 11:03
|
#3 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
__________________
Try again and you will be luckier.
|
|
|
|
|
|
26-09-2007, 11:47
|
#4 |
|
Bannato
Iscritto dal: Sep 2006
Città: Palermo
Messaggi: 1241
|
Grazie a entrambi!
 Io nel frattempo lo aggiungo nella lista di applicazioni da far proteggere a comodo memory guardian  Ciao |
|
|
|
|
26-09-2007, 18:11
|
#5 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
grazie c.m.g. sempre guardingo e attento
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
26-09-2007, 18:59
|
#6 | |
|
Senior Member
Iscritto dal: Apr 2007
Messaggi: 2306
|
Quote:
 cmq io il messenger non lo uso da 4 mesi 
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 19:37.
