Even though the recent webcam vulnerability in MSN/Windows Live Messenger was only just addressed, another exploitable bug has already surfaced. This time it's a buffer overflow error that affects the Sharing folders feature in Windows Live Messenger 8.1 (and maybe other versions) running on Windows XP.
The safety of the Sharing folder feature got questioned before, but we now have a concrete example of how it can be abused. A Spanish security expert going by the name of Lostmon Lords has discovered that an attacker can cause a Denial-of-Service (DoS) or even execute arbitrary code in Windows Live Messenger 8.1 by means of a specially crafted jpg, wmf, gif, ico or doc-file.
The attacker can "Create a sharing folder" for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders >
victim@hotmail.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.
Read full story...
More...