CVE-2009-0647
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
El archivo msnmsgr.exe en Windows Live Messenger (WLM) 2009, build 14.0.8064.206, y otras builds 14.0.8064.x, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un encabezado modificado en un paquete, como posiblemente sea demostrado mediante un valor UTF-8.0 del campo charset en la línea de encabezado Content-Type. NOTA: esto ha sido reportado como una vulnerabilidad de cadena de formato por algunas fuentes, pero la procedencia de esa información es desconocida.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-02-19 CVE Reserved
- 2009-02-19 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/501043/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/33825 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48810 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33985 | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2009/0466 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Live Messenger Search vendor "Microsoft" for product "Windows Live Messenger" | 2009 Search vendor "Microsoft" for product "Windows Live Messenger" and version "2009" | - |
Affected
| ||||||