ZDnet reported that MSN Messenger is vulnerable to a critical high webcam flaw that can exploit to cause a heap-based buffer overflow via specially crafted data sent to a user. Secunia warns that successful exploitation may allow execution of arbitrary code, but requires that the victim accepts the incoming Webcam invitation. Microsoft urged all MSN users to update to Windows Live Messenger 8.1 or later as in the investigation, it shows that this version onwards is not vulnerable to the flaw.

Below is what Microsoft spokesman said

Our investigation so far shows that the latest version, Windows Live Messenger 8.1, is not vulnerable to this issue, he added, urging Windows Live Messenger 8.0 users to upgrade to Messenger 8.1.

We have encouraged customers to upgrade to Windows Live Messenger 8.1 beginning February 2007, the spokesman said.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.