Monday, June 26, 2006

Windows Live Messenger Contact List Heap Overflow

JAAScois reported a vulnerability in Windows Live Messenger. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted contact list (*.ctt) file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A demonstration exploit is available at:

http://www.jaascois.com/exploits/18602016/CLexploits.ctt
