Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Microsoft MSN Messenger Information Leakage Weakness

Nov 24, 2003 12:47AM PST

It has been reported that MSN Messenger may be prone to an information leakage weakness that may allow an attacker to gain access to sensitive information. The problem exist in the MSN client during file transfer invitation requests. The client improperly processes incoming requests and may send sensitive data such as the IP address of the client to the remote host without first identifying that host.

vulnerable
Microsoft MSN Messenger Service 1.0
Microsoft MSN Messenger Service 2.0
Microsoft MSN Messenger Service 2.2
Microsoft MSN Messenger Service 3.0
Microsoft MSN Messenger Service 3.6
Microsoft MSN Messenger Service 4.0
Microsoft MSN Messenger Service 4.5
Microsoft MSN Messenger Service 4.6
Microsoft MSN Messenger Service 6.0
Microsoft MSN Messenger Service 6.0.602

Not vulnerable: Microsoft MSN Messenger Service 6.1

Solution: Users are advised to upgrade to MSN 6.1 which is not vulnerable to this issue.

http://www.securityfocus.com/bid/9082/discussion/

Discussion is locked

- Collapse -
Re:Microsoft MSN Messenger Information Leakage Weakness
Nov 24, 2003 11:44PM PST

Thanks for the tip Donna.I presently have ver.6.0.0602 and I am wondering apart for the "security fix" that is included with ver.6.1 is there any need tobe concerned about any glitches in the new ver. as my present one has been fault free?.Also if I do download the new ver. should I first remove the existing ver. or will it just over-write it?

- Collapse -
Re:Re:Microsoft MSN Messenger Information Leakage Weakness
Nov 25, 2003 1:01AM PST

Hi Ken,

Microsoft published the known issues - http://messenger.msn.com/Help/Issues.aspx?mkt=en-us

I browsed the Messenger newsgroup of Microsoft and found different issues reported by users of MSN Messenger 6.1. Most of them are related to video and audio. Not a major problem (I think) because some users reported that they do not have a problem with their video/audio conversation using 6.1. Also depends on what version of Windows and if the user is using a router or behind NAT and webcam software.

http://groups.google.co.uk/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=microsoft.public.msn.messenger

If you decide not to upgrade for now, create a firewall rule to disallow File Transfer Happy until you are ready to upgrade to v6.1 which is immune. Also do not forget to configure MSN Messenger to invoke virus scan:
In the main Messenger window, click Options on the Tools menu. Click the Messages tab. Under File Transfer, click the Scan for viruses using check box.
Click Browse, and then select your virus scanning software.

No need to uninstall the earlier version. You can install the latest version on top of it.