icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MSN Messenger Malformed Font Field Remote DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The remote host is running Microsoft MSN Messenger. Certain versions of MSN messenger are vulnerable to a Denial of Service attack. Specifically, a message received with a large amount of data (HTML encoded spaces %20 in particular) in the font field of the message header can cause the MSN client to crash. This vulnerability can be exploited by a remote attacker to continuously crash a victim's IM client, causing a Denial of Service.

Solution

Upgrade to the latest version of MSN Messenger