Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MSN Messenger Malformed Font Field Remote DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The remote host is running Microsoft MSN Messenger. Certain versions of MSN messenger are vulnerable to a Denial of Service attack. Specifically, a message received with a large amount of data (HTML encoded spaces %20 in particular) in the font field of the message header can cause the MSN client to crash. This vulnerability can be exploited by a remote attacker to continuously crash a victim's IM client, causing a Denial of Service.

Solution

Upgrade to the latest version of MSN Messenger