It has been reported that the problem exists in the MSN client during file transfer invitation requests. The client improperly processes incoming requests and may send sensitive data such as the IP address of the client to the remote host without first identifying that host. The expected behavior is that the client must accept the file transfer prior to revealing its IP address. However, by exploiting this weakness, it is possible to obtain the client IP address prior to the client user accepting the file transfer request. This presents a security threat because it will allow an attacker to enumerate IP addresses of client users.
This information could be used to launch direct attacks against the client system and network.
MSN Messenger versions 6.0.0602 and prior and all versions of Windows Messenger have been reported to be prone to this issue. Other versions of MSN Messenger could be affected as well.
0 Responses to “MSN Messenger information leakage weakness”
Leave a Reply