Windows Live Messenger Security Vulnerabilities and Issues — Windows Live Messenger CVE List

MicrosoftWindows Live Messenger

8 matches found

CVE•added 2009/02/19 4:0 p.m.•64 views

CVE-2009-0647

CVE-2009-0647 affects Microsoft Windows Live Messenger 2009 (build 14.0.8064.206 and related 14.0.8064.x). The vulnerability arises when a remote attacker sends a message where the Content-Type header’s charset field contains a modified or UTF-8.0 value, which can cause the target’s msnmsgr.exe t...

5CVSS6.8AI score0.17365EPSS

CVE•added 2007/08/31 10:0 p.m.•61 views

CVE-2007-2931

CVE-2007-2931 describes a heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.0, triggered during processing of webcam/video chat sessions. The vulnerability allows user-assisted remote code execution if a user accepts a specially crafted video/webcam ...

9.3CVSS7.8AI score0.55451EPSS

CVE•added 2007/10/01 12:0 a.m.•59 views

CVE-2007-5144

CVE-2007-5144: A buffer overflow in the GDI engine of Windows Live Messenger (MSN Live 8.1) could be triggered by placing a malformed file in a new folder under the Sharing Folders path and triggering a synchronize operation. The issue allows user-assisted remote attackers to cause a denial of se...

4.3CVSS8.2AI score0.16503EPSS

CVE•added 2009/01/02 7:0 p.m.•54 views

CVE-2008-5828

Microsoft Windows Live Messenger Client (

5CVSS6.7AI score0.143EPSS

CVE•added 2008/11/20 3:0 p.m.•49 views

CVE-2008-5179

The CVE-2008-5179 entry describes an unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger that enables remote attackers to trigger a denial-of-service (crash) by sending a crafted RTCP receiver report packet. The vulnerability ...

5CVSS6.5AI score0.16436EPSS

CVE•added 2010/01/12 5:0 p.m.•43 views

CVE-2010-0278

The CVE-2010-0278 entry covers a vulnerability in an ActiveX control (msgsc.14.0.8089.726.dll) used by Microsoft Windows Live Messenger 2009 (build 14.0.8089.726) on Windows Vista/7. The flaw is triggered by calling the ViewProfile method with a crafted argument during an MSN Messenger session, c...

4.3CVSS6.8AI score0.08312EPSS

CVE•added 2006/06/27 6:0 p.m.•41 views

CVE-2006-3250

Windows Live Messenger 8.0 is affected by a heap-based buffer overflow in the handling of imported Contact List (.ctt) files. The flaw can allow user-assisted attackers to execute arbitrary code when a crafted .ctt file is imported by the user. The vulnerable component is the messenger client’s i...

5.1CVSS8.2AI score0.06847EPSS

CVE•added 2006/12/04 11:0 a.m.•38 views

CVE-2006-6252

CVE-2006-6252 affects Microsoft Windows Live Messenger 8.0 and earlier. When gestual emoticons are enabled, a remote attacker can cause denial of service by sending a long string of ":D" sequences that are interpreted as emoticons, consuming CPU resources. The NVD entry notes a network-exposed ve...

4.3CVSS6.9AI score0.1057EPSS