Exploit released for MSN Messenger 'avatar' hole
InfoWorld | at | by Mike
Malicious code that can take advantage of a newly disclosed hole in Microsoft's MSN Messenger instant messenger program has been published on the Internet. The publication of the code could set the stage for a possibly virulent IM worm or virus, according to security experts.
The code attacks a hole in an MSN Messenger component called "libpng," which is used to display PNG files that are used to show smiley faces, buddy icons and other graphics. More than one example of code to exploit the hole was available on the Internet Wednesday, along with directions on how to use it to attack vulnerable Messenger applications.