Subject: [NT] Vulnerability in MSN Messenger and Windows Live Messenger Allows Code Execution (MS07-054)
Date: 16 Sep 2007 13:57:42 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com


  Vulnerability in MSN Messenger and Windows Live Messenger Allows Code 
Execution (MS07-054)
------------------------------------------------------------------------


SUMMARY

The vulnerability could allow remote code execution when a user accepts a 
webcam or video chat invitation from an attacker. An attacker who 
successfully exploited this vulnerability could take complete control of 
the affected system.

Users whose accounts are configured to have fewer user rights on the 
system could be less impacted than users who operate with administrative 
user rights.

DETAILS

Affected Software:
 * Microsoft Windows 2000 Service Pack 4
   *MSN Messenger 6.2
   *MSN Messenger 7.0
 * Windows XP Service Pack 2
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows XP Professional x64 Edition
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows XP Professional x64 Edition Service Pack 2
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows Server 2003 x64 Edition
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows Server 2003 x64 Edition Service Pack 2
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows Vista
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0
 * Windows Vista x64 Edition
   *MSN Messenger 6.2
   *MSN Messenger 7.0
   *MSN Messenger 7.5
   *Windows Live Messenger 8.0

Non-Affected Software:
 * Microsoft Windows 2000 Service Pack 4
   *MSN Messenger 7.0.0820
 * Windows XP Service Pack 2
   *Windows Live Messenger 8.1
 * Windows XP Professional x64 Edition
   *Windows Live Messenger 8.1
 * Windows XP Professional x64 Edition Service Pack 2
   *Windows Live Messenger 8.1
 * Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
   *Windows Live Messenger 8.1
 * Windows Server 2003 x64 Edition
   *Windows Live Messenger 8.1
 * Windows Server 2003 x64 Edition Service Pack 2
   *Windows Live Messenger 8.1
 * Windows Vista
   *Windows Live Messenger 8.1
 * Windows Vista x64 Edition
   *Windows Live Messenger 8.1

MSN Messenger Webcam or Video Chat Session Remote Code Execution 
Vulnerability:
A remote code execution vulnerability exists in MSN Messenger 6.2, MSN 
Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0. The 
vulnerability could allow remote code execution when a user chooses to 
accept a webcam or video chat invitation from an attacker. An attacker who 
successfully exploited this vulnerability could take complete control of 
the affected system. Users whose accounts are configured to have fewer 
user rights on the system could be less impacted than users who operate 
with administrative user rights.

To view this vulnerability as a standard entry in the Common 
Vulnerabilities and Exposures list, see CVE-2007-2931: 
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2931>

Mitigating Factors for MSN Messenger Webcam or Video Chat Session Remote 
Code Execution Vulnerability:
Mitigation refers to a setting, common configuration, or general 
best-practice, existing in a default state, that could reduce the severity 
of exploitation of a vulnerability. The following mitigating factors may 
be helpful in your situation:

 * To exploit the vulnerability, an attacker would have to persuade a user 
to accept a webcam or video chat invitation in an MSN Messenger or Windows 
Live Messenger message. An attacker would have no way to force users to 
accept the webcam or video chat invitation. Instead, an attacker would 
have to convince users to accept the webcam or video chat invitation.

 * An attacker who successfully exploited this vulnerability could gain 
the same user rights as the local user. Users whose accounts are 
configured to have fewer user rights on the system could be less impacted 
than users who operate with administrative user rights.

 * Users of Windows Live Messenger 8.1, released in January 2007, are 
already protected from this vulnerability. Users of MSN Messenger 
7.0.0820, recently released, are also already protected from this 
vulnerability.

Workarounds for MSN Messenger Webcam or Video Chat Session Remote Code 
Execution Vulnerability:
Workaround refers to a setting or configuration change that does not 
correct the underlying vulnerability but would help block known attack 
vectors before you perform the upgrade. Microsoft has tested the following 
workarounds and states in the discussion whether a workaround reduces 
functionality:

 * Block MSN Messenger or Windows Live Messenger traffic by using ISA 
Server. See Microsoft Knowledge Base Article 925120.

Impact of workaround. This prevents MSN Messenger or Windows Live 
Messenger traffic from entering or leaving your enterprise.

 * Block select network ports for MSN Messenger or Windows Live Messenger. 
See Microsoft Knowledge Base Article 927847.

Impact of workaround. This allows administrators to selectively prevent 
webcam and video chat sessions, as opposed to blocking MSN Messenger or 
Windows Live Messenger traffic completely.

FAQ for MSN Messenger Webcam or Video Chat Session Remote Code Execution 
Vulnerability:
What is the scope of the vulnerability? 
This is a remote code execution vulnerability. An attacker who 
successfully exploited this vulnerability could take complete control of 
an affected system. An attacker could then install programs or view, 
change, or delete data, or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the 
system could be less impacted than users who operate with administrative 
user rights.

What causes the vulnerability? 
The vulnerability exists in the way MSN Messenger or Windows Live 
Messenger handles specially crafted webcam or video chat sessions. As a 
result, memory may be corrupted in such a way that an attacker could 
execute arbitrary code in the security context of the logged-in user.

What might an attacker use the vulnerability to do? 
An attacker who successfully exploited this vulnerability could take 
complete control of an affected system. An attacker could then install 
programs or view, change, or delete data, or create new accounts with full 
user rights. Users whose accounts are configured to have fewer user rights 
on the system could be less impacted than users who operate with 
administrative user rights.

How could an attacker exploit the vulnerability? 
An attacker could send an invitation to a user to join in a specially 
crafted webcam or video chat session that is designed to exploit this 
vulnerability. However, an attacker would have no way to force users to 
join a webcam or video chat session. Instead, an attacker would have to 
convince users to accept the webcam or video chat invitation.

What systems are primarily at risk from the vulnerability? 
This vulnerability requires that a user be signed on to the MSN Messenger 
or Windows Live Messenger service and accept a webcam or video chat 
invitation for any malicious action to occur. Therefore, any system where 
MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, or Windows Live 
Messenger 8.0 is used, such as workstations or servers, is at risk from 
this vulnerability.

What does the update do? 
MSN Messenger 7.0.0820 and Windows Live Messenger 8.1 have been updated to 
sufficiently manage webcam or video chat sessions.

I do not use any webcams. Do I still have to upgrade? 
Yes. When you sign on, the MSN Messenger or Windows Live Messenger service 
will notify you to upgrade to the appropriate MSN Messenger or Windows 
Live Messenger client for your platform if you have not done so.

When this security bulletin was issued, had this vulnerability been 
publicly disclosed? 
Yes. This vulnerability has been publicly disclosed. It has been assigned 
Common Vulnerability and Exposure number CVE-2007-2931.

When this security bulletin was issued, had Microsoft received any reports 
that this vulnerability was being exploited? 
No. Microsoft had seen examples of proof of concept code published 
publicly but had not received any information to indicate that this 
vulnerability had been publicly used to attack customers when this 
security bulletin was originally issued.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Security Bulletin MS07-054.
The original article can be found at:
 <http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx>
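
The Affected and Non-Affected Software lists above, turned into an inventory check (an added example, not part of the SecuriTeam or Microsoft text). The version numbers come from the advisory; the host names, the build numbers in the sample inventory and the treatment of later builds as fixed are assumptions.

```python
# Added example: triage Messenger installs against the MS07-054 version lists.
# Version facts come from the advisory; the inventory rows are constructed.

FIXED_MSN_70_BUILD = 820  # MSN Messenger 7.0.0820 is listed as non-affected

def parse_version(text):
    """Turn '7.0.0820' into (7, 0, 820); missing fields become 0."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for one installation."""
    major, minor, build = parse_version(version)
    name = product.strip().lower()
    if name == "msn messenger":
        if (major, minor) == (7, 0):
            # Assumption: 7.0 builds at or above 0820 carry the fix.
            return "fixed" if build >= FIXED_MSN_70_BUILD else "affected"
        if (major, minor) in {(6, 2), (7, 5)}:
            # 7.5 sorts above 7.0.0820 but is still on the affected list.
            return "affected"
    elif name == "windows live messenger":
        if (major, minor) == (8, 0):
            return "affected"
        if (major, minor) >= (8, 1):
            # Assumption: releases after 8.1 keep the fix.
            return "fixed"
    return "not-listed"

def triage(inventory):
    """Return (host, product, version) rows that still need the upgrade."""
    return sorted(
        (row["host"], row["product"], row["version"])
        for row in inventory
        if classify(row["product"], row["version"]) == "affected"
    )

# Constructed sample inventory (hosts and build numbers are made up).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "product": "MSN Messenger", "version": "7.0.0100"},
    {"host": "ws-02", "product": "MSN Messenger", "version": "7.0.0820"},
    {"host": "ws-03", "product": "MSN Messenger", "version": "7.5.0001"},
    {"host": "ws-04", "product": "Windows Live Messenger", "version": "8.0.0001"},
    {"host": "ws-05", "product": "Windows Live Messenger", "version": "8.1.0001"},
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected, upgrade required")
```

A plain "version >= 7.0.0820" comparison would pass MSN Messenger 7.5, which the advisory lists as affected, so the check matches on release line first and build second.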


