CVE-2010-0278 – Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service
https://notcve.org/view.php?id=CVE-2010-0278
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. Cierto control ActiveX en msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build v14.0.8089.726 en Windows Vista y Windows v7 permite a atacantes remotos producir una denegación de servicio (caída de msnmsgr.exe) mediante una llamada a el método ViewProfile con un argumento manipulado durante una sesión de MSN Messenger. • https://www.exploit-db.com/exploits/11070 http://www.securityfocus.com/archive/1/508811/100/0/threaded http://www.securityfocus.com/bid/37680 •
CVE-2009-2544 – Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-2544
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en el componente Marcelo Costa FileServer v1.0 para Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) permite a usuarios autenticados remotamente listar directorios de su elección y leer ficheros de su elección al utilizar .. • https://www.exploit-db.com/exploits/9093 http://www.exploit-db.com/exploits/9093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0647
https://notcve.org/view.php?id=CVE-2009-0647
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. El archivo msnmsgr.exe en Windows Live Messenger (WLM) 2009, build 14.0.8064.206, y otras builds 14.0.8064.x, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un encabezado modificado en un paquete, como posiblemente sea demostrado mediante un valor UTF-8.0 del campo charset en la línea de encabezado Content-Type. NOTA: esto ha sido reportado como una vulnerabilidad de cadena de formato por algunas fuentes, pero la procedencia de esa información es desconocida. • http://secunia.com/advisories/33985 http://www.securityfocus.com/archive/1/501043/100/0/threaded http://www.securityfocus.com/bid/33825 http://www.vupen.com/english/advisories/2009/0466 https://exchange.xforce.ibmcloud.com/vulnerabilities/48810 • CWE-20: Improper Input Validation •
CVE-2008-5828
https://notcve.org/view.php?id=CVE-2008-5828
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. Cliente Microsoft Windows Live Messenger v8.5.1 y anteriores, cuando se usa el protocolo MSN v15(MSNP15) en una sesión NAT, permite a atacantes remotos conocer la dirección IP de la intranet y el númerro de los puertos, leyendo los campos de la cabecera (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, y (3) IPv4Internal-Port. • http://securityreason.com/securityalert/4862 http://www.securityfocus.com/archive/1/499624/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5179
https://notcve.org/view.php?id=CVE-2008-5179
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. Vulnerabilidad inespecifica en Microsoft Office Communications Server (OCS), Office Communicator, y Windows Live Messenger que permite a atacantes remotos producir una denegacion de servicio (caida) a traves de la manipulacion de paquetes de reporte de receptor del protocolo Real-time Transport Control Protocol (RTCP). • http://www.securityfocus.com/bid/32341 http://www.securitytracker.com/id?1021294 http://www.voipshield.com/research-details.php?id=132 https://exchange.xforce.ibmcloud.com/vulnerabilities/46670 •