Buffer Overflow in Microsoft MSN Chat ActiveX Control Affecting MSN Messenger and Exchange Instant Messenger
CVE-2002-0155

Currently unrated

Key Information:

Vendor: Microsoft
Status: Msn Messenger; Msn Messenger Service For Exchange; Msn Chat Control
Vendor: CVE Published:; 29 May 2002

Summary

The Microsoft MSN Chat ActiveX Control is susceptible to a buffer overflow vulnerability due to insufficient validation of the ResDLL parameter. This flaw allows remote attackers to potentially execute arbitrary code on the affected systems running MSN Messenger versions 4.5 and 4.6 as well as Exchange Instant Messenger versions 4.5 and 4.6. By crafting a malicious ResDLL parameter, an attacker could exploit this vulnerability to manipulate the control, leading to unauthorized actions within the user's environment.

References

http://www.securityfocus.com/bid/4707

vdb-entryx_refsource_BID

http://www.cert.org/advisories/CA-2002-13.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 29, 2002
Vulnerability Reserved
Mar 19, 2002