9.3 - VU#166521

Executive Summary

Summary
Title	MSN Messenger and Windows Live Messenger webcam stream heap overflow

Informations
Name	VU#166521	First vendor Publication	2007-08-28
Vendor	VU-CERT	Last vendor Modification	2007-09-13
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#166521

MSN Messenger and Windows Live Messenger webcam stream heap overflow

Overview

MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code.

I. Description

MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some versions of MSN Messenger support the use of webcams. MSN Messenger and Windows Live Messenger appear to require user interaction to connect a webcam stream.

MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of a malformed webcam streams. Exploit code for this vulnerability is publicly available.

II. Impact

By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Apply an update

This issue is addressed by Microsoft Security Bulletin MS07-054. This update provides fixed versions of MSN Messenger 6.2, 7.0, 7.5, and Windows Live Messenger 8.0

Do not accept webcam invitations

If you are unable to install a fixed version, do not accept any webcam invitations, regardless of the source.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	28-Aug-2007

References

http://secunia.com/advisories/26570/
http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx

Credit

This vulnerability was publicly reported by team509.

This document was written by Will Dormann.

Other Information

Date Public	01/31/2007
Date First Published	08/28/2007 08:54:13 AM
Date Last Updated	09/13/2007
CERT Advisory
CVE Name	CVE-2007-2931
Metric	3.54
Document Revision	8

Original Source

Url : http://www.kb.cert.org/vuls/id/166521

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2063

Oval ID:	oval:org.mitre.oval:def:2063
Title:	Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution
Description:	Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-2931	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):	MSN Messenger
Definition Synopsis:
MSN Messenger on Windows 2000 Microsoft Windows 2000 SP4 or later is installed AND MSN Messenger 6.2 is installed OR MSN Messenger 7.0 is installed AND MSN Messenger 7.0, with version less than 7.0.0820.0 is installed OR MSN Messenger on all Windows platforms except Windows 2000 NOT Microsoft Windows 2000 is installed AND MSN Messenger 6.2 is installed AND MSN Messenger 7.0 is installed AND MSN Messenger 7.5 is installed AND MSN Messenger 8.0 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Msn Messenger cpe:2.3:a:microsoft:msn_messenger:7.5:::::::* cpe:2.3:a:microsoft:msn_messenger:7.0:::::::* cpe:2.3:a:microsoft:msn_messenger:6.2:::::::*	3
Application	Microsoft Windows Live Messenger cpe:2.3:a:microsoft:windows_live_messenger:8.0:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
40126	MSN Messenger Video Conversation Handling Remote Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt RuleID : 20554 - Revision : 10 - Type : PUA-OTHER
2014-01-10	Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt RuleID : 17551 - Revision : 11 - Type : PUA-OTHER

Nessus® Vulnerability Scanner

Date	Description
2007-09-11	Name : Arbitrary code can be executed on the remote host through Messenger service. File : smb_nt_ms07-054.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-04-26 18:25:47	Multiple Updates
2015-05-08 13:27:59	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	1
CPE ID(s)	4
osvdb(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	1

	Related
9.3	MS07-054
9.3	CVE-2007-2931
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)