Signature Detail

MSN: Invalid PNG Width

This signature detects invalid PNG (Portable Network Graphic) files sent through MSN messenger. PNG images are typically used for iconic emoticons such as smilies ( :-) ). A malicious user can send a vulnerable chat client an invalid PNG file to cause a buffer overflow, enabling the user to remotely execute arbitrary code.

Extended Description

A remote buffer overflow vulnerability affects the Portable Network Graphics (PNG) image format processing functionality of Microsoft Windows Media Player. This issue is due to a failure of the application to properly validate the size of image data prior to copying it into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the SYSTEM user. This will facilitate unauthorized access and privilege escalation.

Affected Products

• Microsoft msn_messenger_service 6.1
• Microsoft msn_messenger_service 6.2
• Microsoft windows_media_player 9.0
• Microsoft windows_media_services 9.0 Series
• Microsoft windows_messenger 4.7.0.2009
• Microsoft windows_messenger 4.7.0.3000
• Microsoft windows_messenger 5.0
• Nortel_networks ip_softphone_2050
• Nortel_networks mobile_voice_client_2050
• Nortel_networks optivity_telephony_manager_(otm)
• Nortel_networks symposium_call_center_server_(sccs)

References

• BugTraq: 12485
• CVE: CVE-2004-1244