Bugtraq: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit

From: "Andrew Hunter" <andiroohunter () msn com>
Date: Thu, 10 Feb 2005 09:48:37 +0000

Ok after switching to MSN 6 still couldn't load the image as my displaypicture. It turns out that the instructions provided with this file arewrong! You have to send the victim the image via the file transfer mode onMSN.

I have tested this and can varify that it works. It isn't an autoexploitation, the user has to click the link to view the file, at whichpoint there msn will freeze and a .exe will be dropped onto thesystem(assuming HTTP isn't blocked by the firewall). The victim will knowthat something dodgy has happened since in each case their MSNcloses/freezes.

By Date By Thread

Current thread:

MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit ATmaCA ATmaCA (Feb 09)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (Feb 09)
  - RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Color Inc. (Feb 10)
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (Feb 10)
- <Possible follow-ups>
- RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Thor Larholm (Feb 10)