CVSS: 10.0EPSS: 72%CPEs: 2EXPL: 0CVE-2008-0082
https://notcve.org/view.php?id=CVE-2008-0082
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. Un control ActiveX (Messenger.UIAutomation.1) en Windows Messenger versiones 4.7 y 5.1, es marcado como seguro para scripting, lo que permite a los atacantes remotos controlar la aplicación Messenger y "change state", obtener información de contacto, y establecer conexiones de audio o vídeo sin notificación por medio de vectores desconocidos. • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31446 http://www.securityfocus.com/archive/1/495467/100/0/threaded http://www.securityfocus.com/bid/30551 http://www.securitytracker.com/id?1020681 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2354 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2007-3436
https://notcve.org/view.php?id=CVE-2007-3436
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. Microsoft MSN Messenger 4.7 en Windows XP permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) mediante una inundación de peticiones SIP INVITE al puerto especificado para conversación por voz. • http://osvdb.org/45427 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=292& https://exchange.xforce.ibmcloud.com/vulnerabilities/35064 •