------=_NextPart_001_0009_01C585B3.1BFD4330
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

 http://www.digitalparadox.org/viewadvisories.ah?view=3D45

      Msn Messenger Protocol has a vulnerability that allows kicking of =
all users in a group conversation.=20

      Dcrab 's Security Advisory
      [Hsc Security Group] http://www.hackerscenter.com/
      [dP Security] http://digitalparadox.org/

      Get Dcrab's Services to audit your Web servers, scripts, networks, =
etc. Learn more at http://www.dbtech.org

      Severity: High
      Title: Msn Messenger Protocol has a vulnerability that allows =
kicking of all users in a group conversation.
      Date: 10/07/2005

      Details:=20

      While in a group conversation, sending a plain text message =
containing ".pif" causes not just you, but all the users in=20
      the conversation to be kicked. It also makes it impossible to =
figure out which one of the users has caused the "booting"=20
      to take place.

      You can read a article about this at, =
http://www.messenger-blog.com/

      Also, a special thank you to TB regarding this issue, as he has =
taken on the job of further investigating it.

      UPDATE: It also seems to work on gaim, and therefore is probably a =
msn server, or protocol issue.

      Keep your self updated, Rss feed at: =
http://digitalparadox.org/rss.ah

      Author:=20
      These vulnerabilties have been found and released by Diabolic =
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com,=20
      please feel free to contact me regarding these vulnerabilities. =
You can find me at, http://www.hackerscenter.com or=20
      http://digitalparadox.org/. Lookout for my soon to come out book =
on Secure coding with php.
    =20



-------------------------------------------------------------------------=
-------


Sincerely,=20
Diabolic Crab=20



------=_NextPart_001_0009_01C585B3.1BFD4330
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><!--StartFragment --><FONT =
face=3D"Times New Roman"=20
size=3D3>&nbsp;<FONT face=3DArial size=3D2><A=20
href=3D"http://www.digitalparadox.org/viewadvisories.ah?view=3D45">http:/=
/www.digitalparadox.org/viewadvisories.ah?view=3D45</A></FONT></FONT></FO=
NT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;</DIV>
<DIV>
<TABLE class=3Dsmallblack cellSpacing=3D0 cellPadding=3D0 width=3D700 =
align=3Dcenter=20
border=3D0>
  <TBODY>
  <TR>
    <TD align=3Dleft><B>Msn Messenger Protocol has a vulnerability that =
allows=20
      kicking of all users in a group=20
conversation.</B></TD></TR></TBODY></TABLE></DIV>
<DIV>
<TABLE class=3Dsmallblack cellSpacing=3D1 cellPadding=3D3 width=3D700 =
align=3Dcenter=20
bgColor=3D#000000 border=3D0>
  <TBODY>
  <TR>
    <TD align=3Dleft bgColor=3D#ffffff>Dcrab 's Security =
Advisory<BR>[Hsc Security=20
      Group] http://www.hackerscenter.com/<BR>[dP Security]=20
      http://digitalparadox.org/<BR><BR>Get Dcrab's Services to audit =
your Web=20
      servers, scripts, networks, etc. Learn more at=20
      http://www.dbtech.org<BR><BR>Severity: High<BR>Title: Msn =
Messenger=20
      Protocol has a vulnerability that allows kicking of all users in a =
group=20
      conversation.<BR>Date: 10/07/2005<BR><BR>Details: <BR><BR>While in =
a group=20
      conversation, sending a plain text message containing ".pif" =
causes not=20
      just you, but all the users in <BR>the conversation to be kicked. =
It also=20
      makes it impossible to figure out which one of the users has =
caused the=20
      "booting" <BR>to take place.<BR><BR>You can read a article about =
this at,=20
      http://www.messenger-blog.com/<BR><BR>Also, a special thank you to =
TB=20
      regarding this issue, as he has taken on the job of further =
investigating=20
      it.<BR><BR>UPDATE: It also seems to work on gaim, and therefore is =

      probably a msn server, or protocol issue.<BR><BR>Keep your self =
updated,=20
      Rss feed at: http://digitalparadox.org/rss.ah<BR><BR>Author: =
<BR>These=20
      vulnerabilties have been found and released by Diabolic Crab, =
Email:=20
      dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, <BR>please feel free =
to=20
      contact me regarding these vulnerabilities. You can find me at,=20
      http://www.hackerscenter.com or <BR>http://digitalparadox.org/. =
Lookout=20
      for my soon to come out book on Secure coding with=20
php.<BR></TD></TR></TBODY></TABLE></DIV></FONT>
<DIV><FONT face=3DArial size=3D2>&nbsp;</DIV>
<DIV>
<HR>
</DIV>
<DIV><BR>Sincerely, <BR>Diabolic Crab <BR><IMG=20
src=3D"http://digitalparadox.org/dc.gif"=20
border=3D0><BR><BR></DIV></FONT></BODY></HTML>

------=_NextPart_001_0009_01C585B3.1BFD4330--