CVSS: 9.3EPSS: 77%CPEs: 4EXPL: 4CVE-2007-2931 – Microsoft MSN Messenger 8.0 - Video Conversation Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2931
31 Aug 2007 — Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. Un desbordamiento de búfer en la región heap de la memoria en Microsoft MSN Messenger versiones 6.2, 7.0 y 7.5, y Live Messenger versión 8.0 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de vectores no especifi... • https://www.exploit-db.com/exploits/30537 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 17%CPEs: 2EXPL: 0CVE-2007-3436
https://notcve.org/view.php?id=CVE-2007-3436
27 Jun 2007 — Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. Microsoft MSN Messenger 4.7 en Windows XP permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) mediante una inundación de peticiones SIP INVITE al puerto especificado para conversación por voz. • http://osvdb.org/45427 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0363
https://notcve.org/view.php?id=CVE-2006-0363
22 Jan 2006 — The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, a... • http://www.msn-password-recovery.com •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 3CVE-2005-2225
https://notcve.org/view.php?id=CVE-2005-2225
12 Jul 2005 — Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. • http://securitytracker.com/id?1014444 •
CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 0CVE-2005-0562
https://notcve.org/view.php?id=CVE-2005-0562
12 Apr 2005 — GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width. • http://secunia.com/advisories/14915 •
CVSS: 10.0EPSS: 84%CPEs: 7EXPL: 5CVE-2004-0597 – LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0597
05 Aug 2004 — Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. • https://www.exploit-db.com/exploits/393 •
CVSS: 7.5EPSS: 33%CPEs: 2EXPL: 0CVE-2004-0122
https://notcve.org/view.php?id=CVE-2004-0122
15 Apr 2004 — Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. Microsoft MSN Messenger 6.0 y 6.1 no maneja adecuadamente ciertas peticiones, lo que permite a atacantes remotos leer ficheros arbitrarios. • http://www.kb.cert.org/vuls/id/688094 •
CVSS: 7.5EPSS: 18%CPEs: 8EXPL: 0CVE-2002-1698
https://notcve.org/view.php?id=CVE-2002-1698
31 Dec 2002 — Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header. • http://online.securityfocus.com/archive/1/271130 •
CVSS: 7.5EPSS: 16%CPEs: 8EXPL: 2CVE-2002-1831 – Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service
https://notcve.org/view.php?id=CVE-2002-1831
31 Dec 2002 — Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. • https://www.exploit-db.com/exploits/21481 •
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 0CVE-2002-0472
https://notcve.org/view.php?id=CVE-2002-0472
11 Jun 2002 — MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. • http://www.encode-sec.com/esp0202.pdf •