seebug / Root / SSV:3883
Aug 20, 2008 - 12:00 a.m.

Microsoft Windows Messenger Remote Illegal Access Vulnerability

2008-08-20 00:00:00
Root
www.seebug.org
10

EPSS: 0.911 (High), Percentile: 98.6%

CVE-2008-0082

When Windows XP is installed, an old version of MSN Messenger is installed automatically. The old version exposes the MSN API to developers as an ActiveX control and marks it as "safe".

By using this ActiveX control, we can control the local MSN Messenger, for instance: change the status, obtain the current login ID, steal contacts' information, send mail in the victim's name, and so on. All of the functions this feature provides can be considered security problems.

Even if the user installs a later version of MSN Messenger (Windows Live Messenger), this ActiveX control is not removed. By using it, we can still access the local Live Messenger.

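Windows Live Messenger has an illegal access vulnerability. A malicious attacker can build a malicious web page that controls Live Messenger; once a victim visits this page, the attacker can control the local Live Messenger, including disclosure of sensitive personal information, remote, etc.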

Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP and Windows Server 2003

Microsoft has released an advisory for this vulnerability, which can be found at:

http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx