Microsoft: >> Windows Live Messenger >> 8.0 Security Vulnerabilities
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
CVSS Score
6.8
EPSS Score
0.01
Published
2009-07-20
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVSS Score
5.0
EPSS Score
0.179
Published
2009-01-02
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
CVSS Score
5.0
EPSS Score
0.301
Published
2008-11-20
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
CVSS Score
9.3
EPSS Score
0.776
Published
2007-08-31
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
CVSS Score
4.3
EPSS Score
0.106
Published
2006-12-04
Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.
CVSS Score
5.1
EPSS Score
0.199
Published
2006-06-27