11 matches found
CVE-2004-0597
CVE-2004-0597 describes multiple buffer overflows in libpng 1.2.5 and earlier caused by insufficient bounds checks in png_handle_tRNS, png_handle_sBIT, and png_handle_hIST. This allows remote attackers to execute arbitrary code via crafted PNG images. Connected sources note that some advisories p...
CVE-2004-0122
CVE-2004-0122 is described as affecting Microsoft MSN Messenger 6.0 and 6.1, allowing remote attackers to read arbitrary files via improper handling of certain requests. Connected advisories for pidgin/libpurple reference a related directory-traversal issue in the MSN protocol plugin (slp.c) that...
CVE-2007-2931
CVE-2007-2931 describes a heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.0, triggered during processing of webcam/video chat sessions. The vulnerability allows user-assisted remote code execution if a user accepts a specially crafted video/webcam ...
CVE-2002-0155
CVE-2002-0155 describes a buffer overflow in the Microsoft MSN Chat ActiveX control (MSNChat OCX) used by MSN Messenger 4.5/4.6 and Exchange Instant Messenger 4.5/4.6. The vulnerability occurs in the ResDLL parameter handling, allowing a remote attacker to execute arbitrary code with the user’s p...
CVE-2002-0472
CVE-2002-0472 affects MSN Messenger Service 3.6 and possibly other versions, where weak authentication during client message exchange enables remote spoofing of messages from other users. The OpenVAS entry for Windows Messenger (MSN/Windows Messenger family) classifies this as multiple vulnerabil...
CVE-2002-1698
The CVE-2002-1698 entry concerns Microsoft MSN Messenger Service versions 1.0 through 4.6. A buffer overflow vulnerability exists in the message header’s FN (font) field, allowing a remote attacker to trigger a denial of service (crash). The issue is caused by improper handling of a long font arg...
CVE-2006-0363
MSN Messenger 7.5 stores passwords in an encrypted form under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds. Local users may recover originals by calling CryptUnprotectData (as demonstrated by the MSN Password Recovery.exe tool). The issue highlights that decryption methods and keys resi...
CVE-2002-0228
CVE-2002-0228 affects Microsoft MSN Messenger. The vulnerability allows remote attackers to use Javascript referencing an ActiveX object to obtain sensitive information (e.g., display names, web site navigation) when the user is connected to certain Microsoft sites or DNS-spoofed sites. OpenVAS/O...
CVE-2002-1831
MSN Messenger Service 1.0–4.6 is affected by a remote DoS vulnerability: an invite request containing hex-encoded spaces (%20) in the Invitation-Cookie field can crash the service. The available documents do not provide a root-cause analysis, affected versions beyond 1.0–4.6, exploit specifics, o...
CVE-2005-0562
The CVE-2005-0562 issue affects MSN Messenger 6.2 and involves a GIF processing buffer overflow. A malformed GIF with improper height/width could allow a remote attacker in a victim’s contact list to execute arbitrary code with the user’s privileges. Microsoft’s MS05-022/MS05-009 postings documen...
CVE-2007-3436
The CVE-2007-3436 entry affects Microsoft MSN Messenger 4.7 on Windows XP, where remote attackers can cause a denial of service through a flood of SIP INVITE requests to the voice-conversation port, resulting in resource consumption. The available documents describe the affected product, the vuln...