23-03-2004, 10:39 PM
MSN MESSENGER: Vulnerability in MSN Messenger Could Allow Information Disclosure
In MSN Messenger 6.0 and later, an attacker could send a carefully-crafted file request to a specific user. The user would never get any kind of message, but the attacker would have access to the file. For this to work, the attacker has to a) know your screen name, b) know the exact location of the file, and c) have read access to that file. Not a HUGE threat, but important nonetheless. If you use MSN Messenger, download the update at your earliest convenience.
Update can be found here. http://www.microsoft.com/technet/securit...4-010.mspx
In MSN Messenger 6.0 and later, an attacker could send a carefully-crafted file request to a specific user. The user would never get any kind of message, but the attacker would have access to the file. For this to work, the attacker has to a) know your screen name, b) know the exact location of the file, and c) have read access to that file. Not a HUGE threat, but important nonetheless. If you use MSN Messenger, download the update at your earliest convenience.
Update can be found here. http://www.microsoft.com/technet/securit...4-010.mspx