The Redmond media giant has issued a security alert after discovering a hole in its MSN Messenger service.
The hole could allow malicious hackers to exploit a feature that allows users to gather in a single virtual location, or chat room, to exchange messages across the Internet in a separate ActiveX-based window.
This buffer-overflow vulnerability could enable hackers to execute malicious commands on a user's computer.
Hackers can issue the buffer overflow through an HTML e-mail or a malicious Web site.
MSN Chat Control, MSN Messenger versions 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6 are affected by the vulnerability.
To patch the hole users have to update their version of MSN Messenger or Exchange Instant Messenger. They can also download an updated version of MSN Chat control from its chat Web sites. Click here for more details.
Microsoft patches Messenger security hole
