Vendor: MSN Messenger
By: ole andre
CVSS: 7.5 (HIGH)
Heap Overflow
CWE: 119
Product Name: MSN Messenger
Affected Version From: 7.x (possibly 8.0)
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
2007

MSN messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit

This exploit allows an attacker to remotely overflow the heap in MSN Messenger version 7.x (possibly 8.0). The exploit involves compiling a DLL, injecting it into the MSN Messenger process, and then sending a webcam invitation to a contact who is online. If the invitation is accepted, the target's MSN Messenger will crash. On a Chinese version of Windows 2000 SP4, it may also result in a reverse shell. The source code of the DLL needs to be adjusted for other versions of Windows 2000 by modifying the jmpa address.

Mitigation:

Upgrade to a newer version of MSN Messenger.

Exploit-DB raw data:

MSN messenger 7.x (8.0?) VIDEO Remote Heap Overflow Exploit

Thanks ole andre again, his ospy is perfect.

1. Compile the DLL.
2. Inject the DLL into the MSN Messenger 7.0.777.0 process.
3. Choose "send my webcam" to a contact ID who is online using 7.x (8.0?).
4. When the other side accepts the invitation, the other side's MSN will at least crash; if you are using a Chinese version of Windows 2000 SP4, maybe a reverse shell; if another version of Windows 2000, you need to adjust the jmpa address in the DLL's source code.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30537.rar (08292007-exp_msn.rar)

# milw0rm.com [2007-08-29]