CVE-2008-5828

Published: Jan 2, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.

Affected (4)

Products: Microsoft: Windows Live Messenger

Microsoft

1 product

Windows Live Messenger

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Live Messenger	Up to 8.5.1
Microsoft Windows Live Messenger	Version 8.0
Microsoft Windows Live Messenger	Version 8.1
Microsoft Windows Live Messenger	Version 8.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://securityreason.com/securityalert/4862

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/499624/100/0/threaded

Source: cve@mitre.org

http://securityreason.com/securityalert/4862

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/499624/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.