Windows Live Messenger Security Vulnerabilities and Issues — Windows Live Messenger CVE List

Lucene search

MicrosoftWindows Live Messenger

8 matches found

CVE•added 2007/08/31 10:17 p.m.•53 views

CVE-2007-2931

Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.

9.3CVSS7.8AI score0.77607EPSS

CVE•added 2009/02/19 4:30 p.m.•51 views

CVE-2009-0647

msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header...

5CVSS6.8AI score0.18577EPSS

CVE•added 2007/10/01 5:17 a.m.•49 views

CVE-2007-5144

Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Fol...

4.3CVSS8.2AI score0.16334EPSS

CVE•added 2009/01/02 7:30 p.m.•43 views

CVE-2008-5828

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port hea...

5CVSS6.7AI score0.17855EPSS

CVE•added 2008/11/20 3:30 p.m.•37 views

CVE-2008-5179

Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.

5CVSS6.5AI score0.30148EPSS

CVE•added 2010/01/12 5:30 p.m.•34 views

CVE-2010-0278

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger...

4.3CVSS6.8AI score0.24129EPSS

CVE•added 2006/06/27 6:5 p.m.•33 views

CVE-2006-3250

Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.

5.1CVSS8.2AI score0.1986EPSS

CVE•added 2006/12/04 11:28 a.m.•29 views

CVE-2006-6252

Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.

4.3CVSS6.9AI score0.10745EPSS