Short Name |
CHAT:MSN:GIF-OVERFLOW |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
Gif File Buffer Overflow |
Release Date |
2005/04/07 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against NSN client. Attackers can send an excessively sized GIF file through the MSN Messenger's file transfer service, which can lead to a denial-of-service condition or allow remote code execution.
Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack. Other attack vectors may exist as well. MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable.