Feeds

IE bug allows full MSN Messenger hijack

I send you this guy's files in order to have a laugh

  • alert
  • submit to reddit

Security and trust: The backbone of doing business over the internet

The recent privacy stuff-up in Messenger "pales in comparison to what can be done if you use MSN Messenger through unpatched IE vulnerabilities," security researchers Tom Gilder and Thor Larholm have discovered.

Among the fun and games one can have with a vulnerable Messenger user are such sports as impersonating the victim and sending spoof messages and spoof e-mail memos to his contacts, and scouring his local drive for interesting files to share around.

In other words, you can do anything with the victim's Messenger client that the owner can do.

A demonstration has been set up here.

The problem is not a bug in Messenger, but one in IE, namely the Document.Open() vulnerability discovered in mid-December by ThePull, which allows for cookies to be gathered and documents to be read. This one is demonstrated here.

There is not yet a patch for this and several other IE holes. Vulnerable systems include:

Windows 98 SE with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0073
Windows 98 SE with IE6 final and MSN Messenger 3.6.0024
Windows ME with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.5.0127
Windows 2000 with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0071
Windows 2000, IE5.5, MSN Messenger 4.6.00.73

Interestingly, MS released a major IE patch late last week but quickly withdrew it. Whether this was because they'd neglected to address this exploit or because the patch was ineffective or because it breaks people's computers we don't know.

A handy reference of yet-to-be-patched IE flaws can be reviewed here. IE users may wish to compare it against the next IE patch, when MS finally gets it sorted out. ®

New hybrid storage solutions

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.