Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:2907
HistoryMay 10, 2002 - 12:00 a.m.

Security Bulletin MS02-022: Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661)

2002-05-1000:00:00
vulners.com
28
JSON

Title: Unchecked Buffer in MSN Chat Control Can Lead to Code
Execution (Q321661)
Date: 08 May 2002
Software: MSN Chat, MSN Messenger, Exchange Instant Messenger
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-022

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.

Issue:

The MSN Chat control is an ActiveX control that allows groups of
users to gather in a single, virtual location online to engage in
text messaging. The control is offered for download as a single
ActiveX control from a number of MSN sites. In addition, it is
included with MSN Messenger since version 4.5 and Exchange Instant
Messenger. While the MSN Chat control is included with these
products it is not used to provide Instant Messaging functionality,
but rather to add chat functionality to those products.

An unchecked buffer exists in one of the functions that handles
input parameters in the MSN Chat control. A security
vulnerability results because it is possible for a malicious user
to levy a buffer overrun attack and attempt to exploit this flaw.
A successful attack could allow code to run in the user's context.

It would be possible for an attacker to attempt to exploit
this vulnerability either through a malicious web site or through
HTML email. However, Outlook Express 6.0 and the
Outlook Email Security Update, which is available for
Outlook 98 and Outlook 2000, Outlook 2002 and can thwart such
attempts through their default security settings.

Mitigating Factors:

  • A successful attack would require that the user have installed
    the MSN Chat control, MSN Messenger, or
    Exchange Instant Messenger.

  • The MSN Chat control does not install with any version of
    Windows or Internet Explorer by default.

  • Windows Messenger which ships with Windows XP does not
    include the MSN Chat control. Windows XP users would be
    vulnerable only if they have chosen to install the MSN Chat
    control from MSN sites.

  • The HTML email attack vector is blocked by the following
    Microsoft mail products:

    • Outlook 98 and Outlook 2000 with the
      Outlook Email Security Update
    • Outlook 2002
    • Outlook Express.
      This is because these products all open HTML email in the
      Restricted Sites zone by default.

Risk Rating:

  • Internet systems: Low
  • Intranet systems: Low
  • Client systems: Critical

Patch Availability:

Acknowledgment:

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

JSON