MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through Messenger
service.

Description :

The remote host is running MSN Messenger.

The version of MSN Messenger used on the remote host is vulnerable to a
remote buffer overflow in the way it handles GIF files (with height and
width fields).

An attacker may exploit this vulnerability to execute arbitrary code on
the remote host.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms05-022

Solution :

Microsoft has released a set of patches for MSN Messenger 6.2.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 18025 ()

Bugtraq ID: 13114

CVE ID: CVE-2005-0562