Signature Detail

MSN: Gif File Buffer Overflow

This signature detects attempts to exploit a known vulnerability against NSN client. Attackers can send an excessively sized GIF file through the MSN Messenger's file transfer service, which can lead to a denial-of-service condition or allow remote code execution.

Extended Description

Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack. Other attack vectors may exist as well. MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable.

Affected Products

• Microsoft MSN Messenger Service 6.2
• Microsoft MSN Messenger Service 7.0 beta

References

• BugTraq: 13114
• CVE: CVE-2005-0562
• URL: http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx
• URL: http://www.kb.cert.org/vuls/id/633446