IE Bug Opens New Hole in MSN Messenger

Bug-hunters say a second, more dangerous flaw could invite worms, PC invaders.

Joris Evers, IDG News Service

Shortly after Microsoft admitted MSN Messenger has a bug that could disclose the names and e-mail addresses on a user's contact list, the company is being confronted with what seems to be a bigger hole.

A malicious Web site operator can hijack a user's MSN Messenger instant messaging application and perform all tasks, including sending messages and personal files, bug-hunters claimed this weekend. The charge was posted in a bulletin on the Bugtraq mailing list on Saturday, and in a warning issued by security software firm Finjan Software on Sunday.

To take over a user's MSN Messenger program, an attacker has to exploit a known hole in Internet Explorer by sending specially crafted code in an HTML e-mail or directing the user to a Web site that contains that code, according to the security advisories.

The Internet Explorer hole, known as the Document.Open() bug, was first discovered in December.

Microsoft has yet to plug the hole. A patch was initially published late last week, only to be removed from the Windows Update service hours later, according to a message on Tom Gilder's Web site. Gilder wrote the Bugtraq bulletin. Microsoft representatives said no one at the software company was available to comment on the latest bug report.

Security Concern

Security researchers at Finjan expect the flaw to be exploited by many. The firm states that an "MSN Messenger worm" could be written based on this vulnerability. Systems with Internet Explorer 5.5 and 6.0 and MSN Messenger 2.21 and above installed are vulnerable, according to Finjan.

Users can protect themselves by disabling active scripting in Internet Explorer or by not using MSN Messenger, which is software offered for free by Microsoft and is a standard part of Windows XP.

Microsoft on Friday confirmed that MSN Messenger has a bug that could disclose the names and e-mail addresses on a user's contact list to malicious Web site operators.

The company declared the problem 'low-risk,' and is working on an update for MSN Messenger to fix that flaw. Microsoft representatives suggest users solve the problem by downloading and installing the update when it becomes available. This flaw was also initially mentioned in an alert posted to the Bugtraq security e-mail list on February 2.
