Bug:

    charset=UTF-8

Exploit:
Use a packet editor like WPE Pro to change

    charset=UTF-8

to

    charset=UTF-%n
you can capture ANY text packet, then change it and resend.
Note that your victim is not able to see the packet (message) that contains the invalid charset with %n.
I wrote a quick .dll injection exploit too (using proxocket). All you need to do is put those 2 .dll files into your Windows Live folder (where your msnmsgr.exe is), restart your MSN (totally EXIT MSN, not just log out) and then just contact somebody who has the latest MSN (12 May 2009, Windows Live 9 something) and he/she will crash (in case he/she has the MSN version with that bug).
As noted before, your victim will NOT see the message you send with the %n changes in it, so my .dll injection exploit can be totally invisible to normal users; however, if they monitor it with a packet capturing tool, they will see the packet.
Earlier versions are unaffected; however, I only tested on 8.5.
NOTE 2 - you are not able to talk to anybody, because the message will not show on the other side! Even if they are using an unaffected MSN (it means they won't crash, but they won't see the message either).
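As an added defensive example (not part of the post above), the check below inspects the MIME-style header of a text message and rejects a charset value that is not on an allowlist or that carries a printf-style conversion such as the `%n` described above. The header layout and the allowlist are assumptions made for the example, not taken from the post.

```python
import re

# Constructed allowlist of charsets a client is expected to declare.
ALLOWED_CHARSETS = {"utf-8", "us-ascii", "iso-8859-1", "utf-16"}

# printf-style conversion specifier, e.g. %n, %s, %08x (RFC 2978 charset
# tokens may legally contain '%', so a grammar check alone is not enough).
FORMAT_SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[diouxXeEfgGcspn%]")

# Assumed header shape: "Content-Type: text/plain; charset=<value>".
HEADER_RE = re.compile(
    r"^Content-Type:\s*text/plain;\s*charset=([^;\r\n]+)", re.I | re.M
)


def check_charset(payload: str) -> dict:
    """Decide whether the charset declared in a text message is safe to pass
    on to charset-handling code. Returns the verdict and the reason."""
    m = HEADER_RE.search(payload)
    if m is None:
        return {"ok": False, "charset": None, "reason": "no charset header"}
    charset = m.group(1).strip()
    if charset.lower() in ALLOWED_CHARSETS:
        return {"ok": True, "charset": charset, "reason": "allowlisted"}
    if FORMAT_SPEC.search(charset):
        # Anything that looks like a format directive is dropped and logged,
        # never handed to a printf-family function.
        return {"ok": False, "charset": charset,
                "reason": "format specifier in charset"}
    return {"ok": False, "charset": charset, "reason": "unknown charset"}


# Constructed sample payloads in the assumed message format.
GOOD = "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\nhi"
BAD = "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-%n\r\n\r\nhi"

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("bad", BAD)):
        print(name, check_charset(msg))
```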