Windows Messenger Could Allow Information Disclosure Vulnerability (955702) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-050.

Impact

Remote attackers can log on to a user's Messenger client as a user, and can initiate audio and video chat sessions without user interaction. Impact Level : Network

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

Insight

Issue is in the Messenger.UIAutomation.1 ActiveX control being marked safe-for-scripting, which allows changing state, obtain contact information and a user's login ID.

Affected

Windows Messenger 4.7 on MS Windows 2K/XP Windows Messenger 5.1 on MS Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0082
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
Cumulative Security Update for Internet Explorer (928090)
Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Take action and discover your vulnerabilities