CVE-2009-0647

Published: Feb 19, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.

Affected (1)

Products: Microsoft: Windows Live Messenger

1 product

Windows Live Messenger

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Live Messenger	Version 2009

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://secunia.com/advisories/33985

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/501043/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/33825

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0466

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/48810

Source: cve@mitre.org

http://secunia.com/advisories/33985

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/501043/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33825

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0466

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/48810

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.