VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
MSN Vulnerability May 14 2002
From:
Barry Murdoch <[log in to unmask]>
Reply To:
Barry Murdoch <[log in to unmask]>
Date:
Tue, 14 May 2002 21:16:01 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
Todays News!
Critical update for MSN Instant Messenger.

posted 8:39am EST Tue May 14 2002
NEWS
The good people at eEye Digital Security have discovered a vulnerability in
MSN Chat, an ActiveX control which is bundled with MSN Messenger and
Exchange Instant Messenger. The version of Messenger included with Windows
XP is not affected. Microsoft states that Outlook Express 6 and the Outlook
e-mail security update can close the flaw, but the download of the updates
for Outlook e-mail has been slow, which leaves a significant number of
Messenger users vulnerable.

The flaw is exploited when a user is enticed to either open a maliciously
coded HTML e-mail or visit a maliciously coded website. The website or
e-mail then overloads a buffer inside the chat function, allowing code to be
written to pieces of memory and then subsequently executed.

Programs affected are MSN Messenger 4.5 and 4.6, as well as Exchange
Messenger 4.5 and 4.6. All of these contain the MSN Chat control (the
offending component).

Check out Microsoft bulletin for more details.
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790

Barry Murdoch


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2