Even though the recent webcam vulnerability in MSN/Windows Live Messenger was only just addressed, another exploitable bug has already surfaced. This time it’s a buffer overflow error that affects the Sharing folders feature in Windows Live Messenger 8.1 (and maybe other versions) running on Windows XP.
The safety of the Sharing folder feature got questioned before, but we now have a concrete example of how it can be abused. A Spanish security expert going by the name of Lostmon Lords has discovered that an attacker can cause a Denial-of-Service (DoS) or even execute arbitrary code in Windows Live Messenger 8.1 by means of a specially crafted jpg, wmf, gif, ico or doc-file.
blue screen of deathThe attacker can “Create a sharing folder” for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > email@example.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn’t terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.
The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in “the next service pack”. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don’t trust.
Microsoft, MSN, Windows Live, Messenger, Windows Live Messenger 8.1, Vulnerabiluty, Flaw, Bug, Exploit, Buffer overflow