Microsoft has posted a security bulletin for the Unchecked Buffer in MSN Chat Control Can Lead to Code Execution problem
On May 8 2002, Microsoft released the original version of this bulletin. On June 11, 2002 the bulletin was updated to announce that while the fixes issued on May 8 2002 resolved the vulnerability, they did not protect in all cases against the reintroduction of the vulnerable control. As a result, a new set of fixes is being released to ensure that systems are fully protected against the reintroduction of the vulnerable control. A new MSN Chat control, updated patch, updated version of MSN Messenger and an updated version of Exchange Instant Messenger have been made available. Customers who have applied any of the fixes released on May 8, 2002 are encouraged to consider applying the updated fixes.Read more