CVSS: 5.5EPSS: 26%CPEs: 3EXPL: 2CVE-2010-0278 – Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service
https://notcve.org/view.php?id=CVE-2010-0278
12 Jan 2010 — A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. Cierto control ActiveX en msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build v14.0.8089.726 en Windows Vista y Windows v7 permite a atacantes remotos producir una denegación de servic... • https://www.exploit-db.com/exploits/11070 •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 2CVE-2009-2544 – Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-2544
20 Jul 2009 — Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en el componente Marcelo Costa FileServer v1.0 para Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) permite a usuarios autenticados remotamente listar directorios de su elección y leer fi... • https://www.exploit-db.com/exploits/9093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2009-0647
https://notcve.org/view.php?id=CVE-2009-0647
19 Feb 2009 — msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. El archivo msnmsgr.exe en Windows Live Messenger (WLM) 2009, build 14.0.8064... • http://secunia.com/advisories/33985 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 17%CPEs: 4EXPL: 0CVE-2008-5828
https://notcve.org/view.php?id=CVE-2008-5828
02 Jan 2009 — Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. Cliente Microsoft Windows Live Messenger v8.5.1 y anteriores, cuando se usa el protocolo MSN v15(MSNP15) en una sesión NAT, permite a atacantes remotos conocer la dirección IP de la intranet y el númer... • http://securityreason.com/securityalert/4862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 30%CPEs: 3EXPL: 0CVE-2008-5179
https://notcve.org/view.php?id=CVE-2008-5179
20 Nov 2008 — Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. Vulnerabilidad inespecifica en Microsoft Office Communications Server (OCS), Office Communicator, y Windows Live Messenger que permite a atacantes remotos producir una denegacion de servicio (caida) a traves de la manipulacion de paquetes de repo... • http://www.securityfocus.com/bid/32341 •
CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 0CVE-2007-5144
https://notcve.org/view.php?id=CVE-2007-5144
01 Oct 2007 — Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated b... • http://lostmon.blogspot.com/2007/09/windows-live-messenger-jpg-overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 4EXPL: 4CVE-2007-2931 – Microsoft MSN Messenger 8.0 - Video Conversation Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2931
31 Aug 2007 — Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. Un desbordamiento de búfer en la región heap de la memoria en Microsoft MSN Messenger versiones 6.2, 7.0 y 7.5, y Live Messenger versión 8.0 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de vectores no especifi... • https://www.exploit-db.com/exploits/30537 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0CVE-2006-6252
https://notcve.org/view.php?id=CVE-2006-6252
04 Dec 2006 — Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. Microsoft Windows Live Messenger 8.0 y versiones anteriores, cuando los emoticonos gestuales están habilitados, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante una cadena larga compuesta de secuencias ":D", que son interpretada... • http://www.securityfocus.com/archive/1/452620/100/0/threaded •
CVSS: 7.8EPSS: 19%CPEs: 1EXPL: 3CVE-2006-3250
https://notcve.org/view.php?id=CVE-2006-3250
27 Jun 2006 — Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. Desbordamiento de búfer basado en memoria dinámica (heap) en Windows Live Messenger v8.0, permite a atacantes asistidos por el usuario ejecutar código de su elección a través de un archivo de listas de contacto (.ctt) manipulado, lo que provoca un desbordamiento cuando el archivo es importado por... • http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html •