Windows Messenger Security Vulnerabilities
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami...
5.4CVSS
5.4AI Score
0.001EPSS
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen...
9.1CVSS
9.1AI Score
0.003EPSS
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file...
7CVSS
6.7AI Score
0.001EPSS
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based...
6.1CVSS
7.2AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based...
8.8CVSS
8.5AI Score
0.007EPSS
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is designed to exploit the...
7.5CVSS
7.9AI Score
0.027EPSS
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
7.8CVSS
7.8AI Score
0.004EPSS
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto...
7.8CVSS
7.1AI Score
0.001EPSS
Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or...
8.8CVSS
8.8AI Score
0.012EPSS
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer...
6.4AI Score
0.0004EPSS
The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control...
7.7AI Score
0.757EPSS
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN...
6.8AI Score
0.044EPSS
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a...
6.4AI Score
0.003EPSS
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type...
6.8AI Score
0.034EPSS
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port...
6.7AI Score
0.003EPSS
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report...
6.5AI Score
0.065EPSS
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via...
6.3AI Score
0.725EPSS
Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing...
8.2AI Score
0.084EPSS
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat...
7.8AI Score
0.952EPSS
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice...
6.7AI Score
0.023EPSS
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than...
6.6AI Score
0.017EPSS
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE...
6.5AI Score
0.017EPSS
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as...
6.9AI Score
0.004EPSS
The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN...
6.8AI Score
0.031EPSS
Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the...
8.2AI Score
0.054EPSS
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter...
7.5CVSS
7.3AI Score
0.005EPSS
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2)...
7.5AI Score
0.964EPSS
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow...
7.9AI Score
0.971EPSS
7AI Score
0.002EPSS