Juniper Networks

Signature Detail

Short Name: CHAT:MSN:INVALID:PNG-HEIGHT
Severity: Medium
Recommended: No
Category: CHAT
Keywords: Invalid PNG Height
Release Date: 2005/02/07
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

MSN: Invalid PNG Height


This signature detects invalid PNG (Portable Network Graphics) files sent through MSN Messenger. PNG images are typically used for iconic emoticons such as smileys ( :-) ). An attacker can send an invalid PNG file to a vulnerable chat client to cause a buffer overflow, enabling the attacker to remotely execute arbitrary code.

Extended Description

A remote buffer overflow vulnerability affects the Portable Network Graphics (PNG) image format processing functionality of Microsoft Windows Media Player. This issue is due to a failure of the application to properly validate the size of image data prior to copying it into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the SYSTEM user. This will facilitate unauthorized access and privilege escalation.

Affected Products

  • Microsoft MSN Messenger Service 6.1
  • Microsoft MSN Messenger Service 6.2
  • Microsoft Windows Media Player 9.0
  • Microsoft Windows Media Services 9.0 Series
  • Microsoft Windows Messenger 4.7.0.2009
  • Microsoft Windows Messenger 4.7.0.3000
  • Microsoft Windows Messenger 5.0
  • Nortel Networks IP softphone 2050
  • Nortel Networks Mobile Voice Client 2050
  • Nortel Networks Optivity Telephony Manager (OTM)
  • Nortel Networks Symposium Call Center Server (SCCS)

References

  • BugTraq: 12485
  • CVE: CVE-2004-1244

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.