CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 0CVE-2011-1229
https://notcve.org/view.php?id=CVE-2011-1229
13 Apr 2011 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." Vulneravilidad de desreferencia a puntero nulo en win32k.sys en el... • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 26%CPEs: 3EXPL: 2CVE-2010-0278 – Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service
https://notcve.org/view.php?id=CVE-2010-0278
12 Jan 2010 — A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. Cierto control ActiveX en msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build v14.0.8089.726 en Windows Vista y Windows v7 permite a atacantes remotos producir una denegación de servic... • https://www.exploit-db.com/exploits/11070 •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 2CVE-2009-2544 – Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-2544
20 Jul 2009 — Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en el componente Marcelo Costa FileServer v1.0 para Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) permite a usuarios autenticados remotamente listar directorios de su elección y leer fi... • https://www.exploit-db.com/exploits/9093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2009-0647
https://notcve.org/view.php?id=CVE-2009-0647
19 Feb 2009 — msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. El archivo msnmsgr.exe en Windows Live Messenger (WLM) 2009, build 14.0.8064... • http://secunia.com/advisories/33985 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 17%CPEs: 4EXPL: 0CVE-2008-5828
https://notcve.org/view.php?id=CVE-2008-5828
02 Jan 2009 — Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. Cliente Microsoft Windows Live Messenger v8.5.1 y anteriores, cuando se usa el protocolo MSN v15(MSNP15) en una sesión NAT, permite a atacantes remotos conocer la dirección IP de la intranet y el númer... • http://securityreason.com/securityalert/4862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 30%CPEs: 3EXPL: 0CVE-2008-5179
https://notcve.org/view.php?id=CVE-2008-5179
20 Nov 2008 — Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. Vulnerabilidad inespecifica en Microsoft Office Communications Server (OCS), Office Communicator, y Windows Live Messenger que permite a atacantes remotos producir una denegacion de servicio (caida) a traves de la manipulacion de paquetes de repo... • http://www.securityfocus.com/bid/32341 •
CVSS: 10.0EPSS: 64%CPEs: 2EXPL: 0CVE-2008-0082
https://notcve.org/view.php?id=CVE-2008-0082
13 Aug 2008 — An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. Un control ActiveX (Messenger.UIAutomation.1) en Windows Messenger versiones 4.7 y 5.1, es marcado como seguro para scripting, lo que permite a los atacantes remotos controlar la aplicación Messenger y... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 0CVE-2007-5144
https://notcve.org/view.php?id=CVE-2007-5144
01 Oct 2007 — Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated b... • http://lostmon.blogspot.com/2007/09/windows-live-messenger-jpg-overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 4EXPL: 4CVE-2007-2931 – Microsoft MSN Messenger 8.0 - Video Conversation Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2931
31 Aug 2007 — Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. Un desbordamiento de búfer en la región heap de la memoria en Microsoft MSN Messenger versiones 6.2, 7.0 y 7.5, y Live Messenger versión 8.0 permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de vectores no especifi... • https://www.exploit-db.com/exploits/30537 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 17%CPEs: 2EXPL: 0CVE-2007-3436
https://notcve.org/view.php?id=CVE-2007-3436
27 Jun 2007 — Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. Microsoft MSN Messenger 4.7 en Windows XP permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) mediante una inundación de peticiones SIP INVITE al puerto especificado para conversación por voz. • http://osvdb.org/45427 •