Vulnerabilities > Microsoft > Windows Live Messenger > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-12 | CVE-2010-0278 | Buffer Overflow vulnerability in Microsoft Windows Live Messenger 2009 A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. network microsoft | 4.3 |
| 2009-07-20 | CVE-2009-2544 | Path Traversal vulnerability in Marcelo Costa Fileserver 1.0 Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. | 6.8 |
| 2009-02-19 | CVE-2009-0647 | Improper Input Validation vulnerability in Microsoft Windows Live Messenger 2009 msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. | 5.0 |
| 2009-01-02 | CVE-2008-5828 | Information Exposure vulnerability in Microsoft Windows Live Messenger Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | 5.0 |
| 2008-11-20 | CVE-2008-5179 | Remote Denial of Service vulnerability in Microsoft products Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | 5.0 |
| 2007-10-01 | CVE-2007-5144 | Buffer Errors vulnerability in Microsoft Windows Live Messenger 8.1 Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file. | 4.3 |
| 2006-12-04 | CVE-2006-6252 | Denial-Of-Service vulnerability in Microsoft Windows Live Messenger 8.0 Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. network microsoft | 4.3 |