JAAScois reported a vulnerability in Windows Live Messenger. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted contact list (*.ctt) file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A demonstration exploit is available at:
http://www.jaascois.com/exploits/18602016/CLexploits.ctt
No comments:
Post a Comment