Windows Live Messenger字符集数据远程拒绝服务漏洞

BUGTRAQ ID: 33825 CVECAN ID: CVE-2009-0647 Windows Live Messenger是非常流行的即时通讯聊天工具。 Windows Live Messenger处理消息时存在拒绝服务漏洞，如果远程攻击者在向MSN联系人发送消息的Content-Type头中修改了字符集字段的UTF-8.0值的话，就会导致对方的MSN崩溃。 Microsoft Windows Live Messenger 2009 厂商补丁： Microsoft --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Format string

msnmsgr.exe in Windows Live Messenger WLM 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service application crash via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header...

CVE-2009-0647

CVE-2009-0647 affects Microsoft Windows Live Messenger 2009 (build 14.0.8064.206 and related 14.0.8064.x). The vulnerability arises when a remote attacker sends a message where the Content-Type header’s charset field contains a modified or UTF-8.0 value, which can cause the target’s msnmsgr.exe t...