A security vulnerability exists in Microsoft MSN Messenger. The vulnerability exists because of the method used by MSN Messenger to handle a file request. An attacker could exploit this vulnerability by sending a specially crafted request to a user running MSN Messenger. If exploited successfully, the attacker could view the contents of a file on the hard drive without the user's knowledge as long as the attacker knew the location of the file and the user had read access to the file.
To exploit this vulnerability, an attacker would have to know the sign-on name of the MSN Messenger user in order to send the request.
Mitigating factors: •
An attacker must know the sign-on name of the user •
If the user has blocked receiving messages from anonymous users not on their contact list by placing "All Others" in their block list, the attacker's messenger account must be on the user's allow list to exploit the vulnerability. •
The attacker could access files that the user had read access to. If the user is logged into the computer with restricted privileges this would limit the files that the attacker could access.