Today Core Technologies discovered a leak in MSN Messenger which can be used to take over a users computer using a buffer overflow.
Core researchers discovered that by selecting a specially-crafted graphic as the user’s display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner’s computer and surreptitiously take over machines running instant messaging software. The attack would travel through the established chat session and would pass unnoticed by firewalls, network intrusion detection systems and even host-based personal firewalls and antivirus software.
Windows Media Player is also vulnerable. As are users who installed SP2 to update their Windows XP installation. This is because an attack uses the chat session. Windows Messenger and MSN Messenger 7 are not affected.
At the moment Neowin is reporting downtime of the MSN Messenger network (status-page is unavailable, use phpMsgrStats for the cached status). The downtime is unrelated to the vulnerability found by Core Technologies.
Vulnerability Specifics: The MSN Messenger protocol allows for the transmission of images between users during electronic conversations. The image format used to transfer those images is called Proprietary Network Graphics (PNG). When a user selects a picture to be displayed, Messenger converts it to the PNG format, with a fixed size and encoding characteristics. These images are then transmitted over the same communication channel used to exchange text messages. By sending a specially crafted PNG image, an attacker can trigger a buffer overflow and execute arbitrary code on the chat partner’s machine.
MacCentral reports about MSN Messenger for Mac:
Microsoft announced today that MSN Messenger for Mac 5.0 would be released in the first half of 2005, adding several new features. The new version will include improved security and the ability to add users listed in a company’s Global Address List (GAL) or corporate address book and it will enable users to view both personal and corporate messaging accounts from one location.
Check out the discussion on the forum, MSN Messenger for Mac announced and a screenshot made available.
For the people who don't know it yet, Microsoft released a version of the web based messenger for all to test now. Just sign in and a new window will open and you'll see that it looks like the real MSN Messenger.
Right now the following languages are available: English, French, German and Japanese. More languages will follow later this year. MSN Web Messenger only supports sending instant messages. There is no support for webcams, voicechats or games at the moment.
Remember, this service is still in beta stages, the number of simultaneous connections to MSN Web Messenger is limited so it could be possible that you get a sign-in error.
It's now official, Messenger Plus! 3 has finally been released! It took me 5 months to redesign all the software and I can tell you that I'm very happy with the result. As you can see, msgplus.net is also brand new and will continue to be updated during the week. All the sections have been rethought, new feature pages have been added, new merchandise is available for Messenger Plus! 3… soon, the site will even include localized content for the main pages! a new software, a new web site, both of them still as free as ever: what more could you ask? 
Daum Communications Corp, South Korea's top Internet portal, said on Monday it was suing Microsoft Corp and its Korean unit for alleged unfair business practices related to instant messaging software.
“Microsoft used its dominant market position by bundling its Instant Messenger program to its Windows XP operating system and that has caused significant damage to Daum,” Daum said in a statement. “By using its dominance in PC operating systems, Microsoft is excluding rivals from Internet messenger markets.”
Daum, which has its own messaging service, said it had filed a 10 billion won ($8.74 million) indemnity suit at the Seoul District Court.
