Lucene search
K
MicrosoftMsn Messenger

11 matches found

CVE
CVE
added 2004/08/05 4:0 a.m.133 views

CVE-2004-0597

CVE-2004-0597 describes multiple buffer overflows in libpng 1.2.5 and earlier caused by insufficient bounds checks in png_handle_tRNS, png_handle_sBIT, and png_handle_hIST. This allows remote attackers to execute arbitrary code via crafted PNG images. Connected sources note that some advisories p...

10CVSS7.5AI score0.82537EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.66 views

CVE-2004-0122

CVE-2004-0122 is described as affecting Microsoft MSN Messenger 6.0 and 6.1, allowing remote attackers to read arbitrary files via improper handling of certain requests. Connected advisories for pidgin/libpurple reference a related directory-traversal issue in the MSN protocol plugin (slp.c) that...

5CVSS7.3AI score0.22467EPSS
CVE
CVE
added 2007/08/31 10:0 p.m.64 views

CVE-2007-2931

CVE-2007-2931 describes a heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.0, triggered during processing of webcam/video chat sessions. The vulnerability allows user-assisted remote code execution if a user accepts a specially crafted video/webcam ...

9.3CVSS7.8AI score0.55451EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.51 views

CVE-2002-0155

CVE-2002-0155 describes a buffer overflow in the Microsoft MSN Chat ActiveX control (MSNChat OCX) used by MSN Messenger 4.5/4.6 and Exchange Instant Messenger 4.5/4.6. The vulnerability occurs in the ResDLL parameter handling, allowing a remote attacker to execute arbitrary code with the user’s p...

7.5CVSS7.8AI score0.24104EPSS
CVE
CVE
added 2002/06/11 4:0 a.m.50 views

CVE-2002-0472

CVE-2002-0472 affects MSN Messenger Service 3.6 and possibly other versions, where weak authentication during client message exchange enables remote spoofing of messages from other users. The OpenVAS entry for Windows Messenger (MSN/Windows Messenger family) classifies this as multiple vulnerabil...

5CVSS7AI score0.11877EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.50 views

CVE-2002-1698

The CVE-2002-1698 entry concerns Microsoft MSN Messenger Service versions 1.0 through 4.6. A buffer overflow vulnerability exists in the message header’s FN (font) field, allowing a remote attacker to trigger a denial of service (crash). The issue is caused by improper handling of a long font arg...

5CVSS7.2AI score0.15509EPSS
CVE
CVE
added 2006/01/22 8:0 p.m.46 views

CVE-2006-0363

MSN Messenger 7.5 stores passwords in an encrypted form under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds. Local users may recover originals by calling CryptUnprotectData (as demonstrated by the MSN Password Recovery.exe tool). The issue highlights that decryption methods and keys resi...

2.1CVSS6.2AI score0.02685EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.43 views

CVE-2002-0228

CVE-2002-0228 affects Microsoft MSN Messenger. The vulnerability allows remote attackers to use Javascript referencing an ActiveX object to obtain sensitive information (e.g., display names, web site navigation) when the user is connected to certain Microsoft sites or DNS-spoofed sites. OpenVAS/O...

5CVSS6.1AI score0.16348EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.43 views

CVE-2002-1831

MSN Messenger Service 1.0–4.6 is affected by a remote DoS vulnerability: an invite request containing hex-encoded spaces (%20) in the Invitation-Cookie field can crash the service. The available documents do not provide a root-cause analysis, affected versions beyond 1.0–4.6, exploit specifics, o...

5CVSS6.9AI score0.2283EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.41 views

CVE-2005-0562

The CVE-2005-0562 issue affects MSN Messenger 6.2 and involves a GIF processing buffer overflow. A malformed GIF with improper height/width could allow a remote attacker in a victim’s contact list to execute arbitrary code with the user’s privileges. Microsoft’s MS05-022/MS05-009 postings documen...

7.5CVSS7.6AI score0.23171EPSS
CVE
CVE
added 2007/06/27 12:0 a.m.37 views

CVE-2007-3436

The CVE-2007-3436 entry affects Microsoft MSN Messenger 4.7 on Windows XP, where remote attackers can cause a denial of service through a flood of SIP INVITE requests to the voice-conversation port, resulting in resource consumption. The available documents describe the affected product, the vuln...

5CVSS6.7AI score0.12656EPSS