MSN Hijacking - Demonstration

MSN Messenger Hijacking security bulletin

Click the MSN button below and IE will load another window containing the MSN Messenger ActiveX objects, but in the My Computer security zone. I then have full access to your contact list, including sending messages without your knowledge. Sending files is also possible.

This is all down to the document.open IE vulnerability discovered by The Pull; see the SecurityFocus page for more information.

All of what this page does could easily be done automatically and with no user interaction (if MSN Messenger is already running, or is set to log in automatically). It could also be done via an email within Outlook or OE, if the security rules allowed scripting.

Please log in to MSN Messenger before attempting to load contacts, using the official MSN client (not a 3rd-party application such as Trillian). You must also have scripting, ActiveX and scripting of ActiveX enabled (the default IE rules for the Internet zone allow this).