VYPR

Msn Messenger

by Microsoft

CVEs (14)

  • CVE-2004-0597Nov 23, 2004
    risk 0.10cvss epss 0.83

    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or…

  • CVE-2003-0717Nov 17, 2003
    risk 0.08cvss epss 0.63

    The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

  • CVE-2007-2931Aug 31, 2007
    risk 0.07cvss epss 0.55

    Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.

  • CVE-2002-1831Dec 31, 2002
    risk 0.05cvss epss 0.23

    Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.

  • CVE-2005-0562Apr 12, 2005
    risk 0.02cvss epss 0.23

    GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.

  • CVE-2004-0122Apr 15, 2004
    risk 0.02cvss epss 0.22

    Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.

  • CVE-2002-0155May 29, 2002
    risk 0.02cvss epss 0.24

    Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

  • CVE-2007-3436Jun 27, 2007
    risk 0.01cvss epss 0.13

    Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.

  • CVE-2005-2304Jul 19, 2005
    risk 0.01cvss epss 0.09

    Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.

  • CVE-2005-2225Jul 12, 2005
    risk 0.01cvss epss 0.16

    Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is…

  • CVE-2002-1698Dec 31, 2002
    risk 0.01cvss epss 0.16

    Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.

  • CVE-2002-0472Aug 12, 2002
    risk 0.01cvss epss 0.12

    MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.

  • CVE-2002-0228May 16, 2002
    risk 0.01cvss epss 0.16

    Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).

  • CVE-2006-0363Jan 22, 2006
    risk 0.00cvss epss 0.03

    The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls…