Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Live Messenger
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0278 1 Microsoft 3 Windows 7, Windows Live Messenger, Windows Vista 2024-11-21 4.3 MEDIUM N/A
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
CVE-2009-2544 2 Marcelo Costa, Microsoft 3 Fileserver, Messenger Plus\! Live, Windows Live Messenger 2024-11-21 6.8 MEDIUM N/A
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
CVE-2009-0647 1 Microsoft 1 Windows Live Messenger 2024-11-21 5.0 MEDIUM N/A
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
CVE-2008-5828 1 Microsoft 1 Windows Live Messenger 2024-11-21 5.0 MEDIUM N/A
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
CVE-2008-5179 1 Microsoft 3 Office Communications Server, Office Communicator, Windows Live Messenger 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
CVE-2007-5144 1 Microsoft 1 Windows Live Messenger 2024-11-21 4.3 MEDIUM N/A
Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file.
CVE-2007-2931 1 Microsoft 2 Msn Messenger, Windows Live Messenger 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
CVE-2006-6252 1 Microsoft 1 Windows Live Messenger 2024-11-21 4.3 MEDIUM N/A
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
CVE-2006-3250 1 Microsoft 1 Windows Live Messenger 2024-11-21 5.1 MEDIUM N/A
Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.