Another serious MSN Messenger flaw
Results 1 to 5 of 5

Thread: Another serious MSN Messenger flaw

  1. #1

    Another serious MSN Messenger flaw

    From BugTraq:

    Introduction to the flaw.
    Msn Messenger is a popular Instant-Messaging client from
    Microsoft. After the previous flaws regarding the privacy
    of users another flaw is discovered. This flaw makes the
    msn messenger client crash after receiving a misformated
    font variable in the message header with instant messages.

    How does it work exactly?
    The Msn Messenger client works by sending a header with
    every message. So every time a user wants to send a
    message, it generates a header, containing information
    about the font, the color of the message and some other
    information.

    The flaw
    A normal header look something like this:

    <start>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    X-MMS-IM-Format: FN=MS%20Sans%20Serif; EF=B; CO=ff; CS=0;
    PF=22

    hey friend, how are you?
    <end>

    When we replace the font field with something very large.
    Creating an overflaw the header will look like this:

    <start>
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    X-MMS-IM-Format: FN=Times%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20
    %20New%20%20%20%20%20%20%20%20%20%20
    %20%20%20%20%20%20%20%20%20%20%20%20
    Roman%20%20%20%20%20%20%20%20%20%20%20; EF=B; CO=ff; CS=0;
    PF=22

    hey friend, how are you?
    <end>

    As a result the Msn Messenger client will crash

    this flaw only crashes the Msn Messenger from Microsoft.
    Trillian is not affected.

    This flaw is a severe danger. As it's not so hard for
    hackers to use this flaw in their application.
    Microsoft has been informed on this issue.


    When are people GOING TO LEARN about buffer overflows? I wonder how many more holes exist in MSN Messenger?

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Microsoft has the habit of hiring programmers right-out-of-college... unfortunately, it seems that college profs are just as good about not teaching/enforcing bounds and fencepost conditions on their assignments. So, well, I think as a result there's a lot of junior level (and probably mid-level or better) programmers out there that are not very good about "checking all possible extraneous conditions."

    <rant>
    Some people just don't seem to get it... it doesn't matter that you know the client and you know the server and both are "doing the right thing." If you supply enough of your program/system to the industry, some bozo will surely love to get in the middle of that conversation and supply you with data that you probably didn't expect...

    It's kinda like "yeah, I know you wrote that webform and coded it well, even using javascript to validate your input - but my perl script knows nothing of your stupid webform and will supply your CGI with whatever the h*ll I tell it to."
    </rant>
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  3. #3
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    lol Trillian is a better msn then msn is.
    Its not software piracy. Iím just making multiple off site backups.

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    520
    I agree Trillian has only two holes, one of them I found out about and it seems to have a better GUI aswell as a better server for maintaining uptime.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    204
    And that is why I don't program because I get in a rush and would forget things....

    Cybermagellan your program just allowed someone to shut down the whole internet...what do you have to say?

    see the things that can be avoided when you know your bounds!
    Beware the quiet ones...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •