Vulnerabilities > CVE-2010-0278 - Buffer Overflow vulnerability in Microsoft Windows Live Messenger 2009

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

microsoft

exploit available

NVD

Published: 2010-01-12

Updated: 2018-10-10

Summary

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Windows Live Messenger 2009	1
OS	Microsoft Microsoft Windows 7 * Microsoft Windows Vista *	2

Exploit-Db

description	Windows Live Messenger 2009 ActiveX DoS Vulnerability. CVE-2010-0278. Dos exploit for windows platform
id	EDB-ID:11070
last seen	2016-02-01
modified	2010-01-08
published	2010-01-08
reporter	HACKATTACK IT SECURITY GmbH
source	https://www.exploit-db.com/download/11070/
title	Windows Live Messenger 2009 - ActiveX DoS Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References