Andr0m3da
Power Member
-- Microsoft has warned -at
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp- of a
security problem in MSN Chat Control (*), which ships with MSN Messenger and
Exchange Instant Messenger.
This vulnerability could lead to a buffer overflow, which could allow code
to be run in the user context on the affected machine. The attacker could
exploit this vulnerability from a malicious website or from a specially
crafted html mail. However, according to Microsoft, Outlook 98 and Outlook
2000 with the Outlook Email Security Update, Outlook 2002, and Outlook
Express 6.0 can block the HTML mail attack because of default security
settings.
To fix the vulnerability, Microsoft has released a patch which can be
downloaded from:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790
The company also offers updated versions of the affected software which can
be downloaded from the following addresses.
-For MSN Chat: http://chat.msn.com
-For MSN Messenger:
http://messenger.msn.com/download/download.asp?client=1&update=1
- For Exchange Instant Messenger:
http://www.microsoft.com/Exchange/downloads/2000/IMclient.asp
(*) The MSN Chat control allows groups of users to meet in a virtual
location and communicate via text messages. It can be downloaded as a single
ActiveX control from numerous MSN sites and also ships with MSN Messenger
version 4.5 and later and with Exchange Instant Messenger, adding chat
functions to these applications.
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp- of a
security problem in MSN Chat Control (*), which ships with MSN Messenger and
Exchange Instant Messenger.
This vulnerability could lead to a buffer overflow, which could allow code
to be run in the user context on the affected machine. The attacker could
exploit this vulnerability from a malicious website or from a specially
crafted html mail. However, according to Microsoft, Outlook 98 and Outlook
2000 with the Outlook Email Security Update, Outlook 2002, and Outlook
Express 6.0 can block the HTML mail attack because of default security
settings.
To fix the vulnerability, Microsoft has released a patch which can be
downloaded from:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790
The company also offers updated versions of the affected software which can
be downloaded from the following addresses.
-For MSN Chat: http://chat.msn.com
-For MSN Messenger:
http://messenger.msn.com/download/download.asp?client=1&update=1
- For Exchange Instant Messenger:
http://www.microsoft.com/Exchange/downloads/2000/IMclient.asp
(*) The MSN Chat control allows groups of users to meet in a virtual
location and communicate via text messages. It can be downloaded as a single
ActiveX control from numerous MSN sites and also ships with MSN Messenger
version 4.5 and later and with Exchange Instant Messenger, adding chat
functions to these applications.