Windows Live Messenger

windows_live_messenger

Vendor: Microsoft • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-0278 1Microsoft 1Windows Live Messenger Apr 23, 2026 Jan 12, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by...Show more A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.Show less
CVE-2009-0647 1Microsoft 1Windows Live Messenger Apr 23, 2026 Feb 19, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly...Show more msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.Show less
CVE-2008-5828 1Microsoft 1Windows Live Messenger Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) I...Show more Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.Show less
CVE-2008-5179 1Microsoft 3Office Communications Server Office CommunicatorWindows Live Messenger Apr 23, 2026 Nov 20, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Co...Show more Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.Show less
CVE-2007-5144 1Microsoft 1Windows Live Messenger Apr 23, 2026 Oct 1, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute a...Show more Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file.Show less
CVE-2007-2931 1Microsoft 2Msn Messenger Windows Live Messenger Apr 23, 2026 Aug 31, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handlin...Show more Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.Show less
CVE-2006-6252 1Microsoft 1Windows Live Messenger Apr 23, 2026 Dec 4, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpr...Show more Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.Show less
CVE-2006-3250 1Microsoft 1Windows Live Messenger Apr 16, 2026 Jun 27, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.