[NT] Vulnerability in MSN Messenger Could Lead to Remote Code Execution (MS05-022)
From: SecuriTeam (support_at_securiteam.com)
Date: 04/13/05
To: list@securiteam.com Date: 13 Apr 2005 11:54:29 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
(MS05-022)
------------------------------------------------------------------------
SUMMARY
A remote code execution vulnerability exists in MSN Messenger that could
allow an attacker who successfully exploited this vulnerability to take
complete control of the affected system.
DETAILS
Affected Software:
* MSN Messenger 6.2 - Download the update:
<http://www.microsoft.com/downloads/details.aspx?FamilyId=12750556-D4D0-42D6-9F05-1FF3C799BB10>
Non-Affected Software:
* MSN Messenger 7.0
CVE Information:
MSN Messenger Vulnerability - CAN-2005-0562
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0562>
Mitigating Factors for MSN Messenger Vulnerability - CAN-2005-0562:
MSN Messenger, by default, does not allow anonymous people to send you
messages. An attacker would first need to entice you to add them to your
contacts list.
Workarounds for MSN Messenger Vulnerability - CAN-2005-0562:
Microsoft has tested the following workarounds. While these workarounds
will not correct the underlying vulnerability, they help block known
attack vectors. When a workaround reduces functionality, it is identified
in the following section.
* Review all of the contacts currently in your contact list and remove or
block any that you do not know, do not trust or no longer need.
* Do not agree to accept file transfers from contacts you do not know or
trust.
* Block access to MSN Messenger and Web Messenger in a corporate
environment <http://kb/article.asp?id=Q889829>.
* Block access to outgoing port 1863 in your corporate environment.
Note: MSN Messenger Service is connected through port 1863 when a direct
connection is established. When a direct connection cannot be established,
the MSN Messenger Service is connected through port 80.
* Block HTTP access to gateway.messenger.hotmail.com. If you would like
to block access to MSN Web Messenger you will also need to block HTTP
access to webmessenger.msn.com.
Impact of Workaround: MSN Messenger clients will not be able to connect to
the MSN Messenger network.
FAQ for MSN Messenger Vulnerability - CAN-2005-0562:
Is the MSN Messenger 7.0 beta affected by this vulnerability?
Yes. This vulnerability was reported after the release of the MSN
Messenger 7.0 beta. Customers running the 7.0 beta version of MSN
Messenger are encouraged to upgrade to the released version of the
software, which is not vulnerable.
What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system.
What causes the vulnerability?
MSN Messenger has the ability to render and view files in the GIF image
format. A malformed GIF image with an improper height and width may not be
processed properly by MSN Messenger.
What is GIF?
GIF stands for Graphics Interchange Format. It is an older 256-color
palette format that was more compatible with 8-bit video boards. It has
since largely been replaced by the PNG and TIF graphics formats.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take
complete control of the affected system.
Who could exploit the vulnerability?
An attacker would likely seek to exploit this vulnerability by convincing
a user to add them to their contacts list, and sending a specially crafted
emoticon or display picture.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be
at more risk if users who do not have sufficient administrative
credentials are given the ability to log on to servers and run programs.
However, best practices strongly discourage allowing this.
Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition
critically affected by this vulnerability?
Yes. Customers running an affected version of MSN Messenger should install
the updated version of MSN Messenger.
What does the update do?
The update removes the vulnerability by modifying the way MSN Messenger
validates GIF files prior to processing them.
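Added example, not part of the original bulletin and not Microsoft's fix: one way a client can check GIF dimensions before handing the file to a decoder. The bulletin says only that the height and width were improper, so the specific checks, the MAX_DIM cap and all names below are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_DIM 4096u /* assumed policy cap; the bulletin gives no limit */
enum gif_status { GIF_OK, GIF_BAD_SIG, GIF_TRUNCATED, GIF_BAD_DIMS, GIF_BAD_BLOCK };

static unsigned rd16(const uint8_t *p) { return p[0] | (unsigned)p[1] << 8; }
/* Bytes of colour table announced by a packed-fields byte (0 if none). */
static size_t ct_size(uint8_t packed) { return (packed & 0x80) ? (size_t)3 << ((packed & 7) + 1) : 0; }
/* Skip a chain of data sub-blocks; returns the new offset, or 0 if truncated. */
static size_t skip_sub(const uint8_t *b, size_t n, size_t i) {
    while (i < n) {
        size_t len = b[i++];
        if (len == 0) return i;
        if (len > n - i) return 0;
        i += len;
    }
    return 0;
}
enum gif_status gif_validate(const uint8_t *b, size_t n) {
    if (n < 13) return GIF_TRUNCATED;
    if (memcmp(b, "GIF87a", 6) && memcmp(b, "GIF89a", 6)) return GIF_BAD_SIG;
    unsigned sw = rd16(b + 6), sh = rd16(b + 8);   /* logical screen size */
    if (!sw || !sh || sw > MAX_DIM || sh > MAX_DIM) return GIF_BAD_DIMS;
    size_t i = 13 + ct_size(b[10]);
    while (i < n) {
        uint8_t tag = b[i++];
        if (tag == 0x3B) return GIF_OK;            /* trailer */
        if (tag == 0x21) {                         /* extension: label, sub-blocks */
            if (i >= n || !(i = skip_sub(b, n, i + 1))) return GIF_TRUNCATED;
        } else if (tag == 0x2C) {                  /* image descriptor */
            if (n - i < 9) return GIF_TRUNCATED;
            unsigned x = rd16(b + i), y = rd16(b + i + 2);
            unsigned w = rd16(b + i + 4), h = rd16(b + i + 6);
            /* frame must be non-empty and lie inside the logical screen */
            if (!w || !h || x + w > sw || y + h > sh) return GIF_BAD_DIMS;
            i += 9 + ct_size(b[i + 8]) + 1;        /* +1: LZW minimum code size */
            if (i > n || !(i = skip_sub(b, n, i))) return GIF_TRUNCATED;
        } else return GIF_BAD_BLOCK;
    }
    return GIF_TRUNCATED;
}

int main(void) {
    /* constructed 1x1 GIF; g[18] is the low byte of the frame width */
    uint8_t g[] = {'G','I','F','8','9','a', 1,0, 1,0, 0,0,0, 0x2C, 0,0, 0,0, 1,0, 1,0, 0, 2, 2,0x4C,1, 0, 0x3B};
    int ok = gif_validate(g, sizeof g) == GIF_OK;
    g[18] = 200; /* frame now wider than the screen */
    return !(ok && gif_validate(g, sizeof g) == GIF_BAD_DIMS);
}
```

A file that fails any check is rejected before a pixel buffer is sized from its header fields.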
When this security bulletin was issued, had this vulnerability been
publicly disclosed?
No. Microsoft received information about this vulnerability through
responsible disclosure.
How does this vulnerability relate to the PNG processing vulnerability
that is corrected by MS05-009?
Both vulnerabilities affected graphics formats. However, this update
addresses a new vulnerability in a different type of graphics format that
was not addressed as part of MS05-009. MS05-009 helps protect against the
vulnerability that is discussed in that bulletin, but does not address
this new vulnerability. This update does replace MS05-009 for MSN
Messenger.
ADDITIONAL INFORMATION
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx>
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.