Microsoft issued a security alert after discovering a weak spot in its popular MSN Messenger service that could be exploited by hackers.
The alert, issued Wednesday, said that the vulnerability affected MSN
Messenger's chat feature, which allows multiple messenger users to exchange text messages in a separate ActiveX-based window.
Hackers can exploit the vulnerability to impose a buffer-overflow attack, the alert said. Buffer-overflow vulnerabilities allow hackers to execute potentially harmful programs on a victim's computer that could delete files or cripple the system's security.
Attackers can issue the buffer overflow through e-mail that contains HTML or a malicious Web site, the notice added.
To plug the vulnerability, people must download an updated version of MSN Messenger or Exchange Instant Messenger. They can also download an updated version of MSN Chat control from its chat Web sites.
Microsoft Chairman Bill Gates has made security a top priority at the software giant. The company has come under criticism routinely for security and privacy weaknesses in its software. Now that Microsoft is focusing on its .Net initiative, which strives to offer software and services over the Internet, the issue of security and privacy has become more critical.
In February, security specialists called attention to a browser glitch that left MSN Messenger vulnerable to a fast-spreading worm.
Also around that time, a glitch in the company's similar Windows Messenger prevented some users from staying connected to the service. Users of MSN Messenger seemed less affected by the problem.
