MSN Messenger Web Camera Stream Vulnerability
MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of malformed webcam streams. By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user on an affected system.
US-CERT is aware of publicly available exploit code for this vulnerability.
More information regarding this vulnerability can be found in Vulnerability Note VU#166521.
US-CERT recommends users upgrade to Windows Live Messenger 8.1 to mitigate the security risk.