null

MessengerScan v1.05

Microsoft MessengerScan Vulnerability Detection Utility with Advanced Immediate Protection Capability!

MessengerScan v1.05 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the messenger service buffer overflow released in the MS03-043 bulletin.

MessengerScan v1.05 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at risk Microsoft systems in a passive manner. The vulnerability detection part of the tool is non-abrasive in nature and may be run in production environments during production hours. In addition to identifying vulnerable systems, MessengerScan provides administrators the ability to shutdown AND disable the messenger service running on the vulnerable system.

Note: Due to differences in the implementation of the Messenger Service on Microsoft Windows’ platforms, this script cannot currently identify vulnerable hosts running Windows NT 4.

Vulnerability Information:
The Microsoft Windows Messenger Service transmits messages to network users and the Alerter Service for Windows. It is not related to the Windows or MSN Messenger instant messaging applications.

The Messenger Service fails to validate the size of messages allowing an allocated buffer to be overflowed. Data outside the buffer will be placed in memory and processed with SYSTEM level privileges or cause the service to stop responding. Remote attackers can send specially crafted messages allowing them to execute arbitrary code on targeted hosts.

Vulnerable systems:
Microsoft Windows NT 4
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows 2003