Microsoft » Windows Live Messenger : Security Vulnerabilities, CVEs, CVSS score >= 5
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
Max CVSS
5.0
EPSS Score
3.38%
Published
2009-02-19
Updated
2018-10-10
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
Max CVSS
5.0
EPSS Score
0.35%
Published
2009-01-02
Updated
2018-10-11
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
Max CVSS
5.0
EPSS Score
6.48%
Published
2008-11-20
Updated
2017-08-08
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
Max CVSS
9.3
EPSS Score
94.93%
Published
2007-08-31
Updated
2018-10-12
Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.
Max CVSS
5.1
EPSS Score
4.22%
Published
2006-06-27
Updated
2018-10-18
5 vulnerabilities found