Denial of Service Vulnerability in Microsoft MSN Messenger
CVE-2005-2225

Currently unrated

Key Information:

Vendor: Microsoft
Status: Msn Messenger Service
Vendor: CVE Published:; 12 July 2005

Summary

A vulnerability in Microsoft MSN Messenger allows attackers to cause a denial of service by sending a plaintext message containing the '.pif' string. This malicious input is interpreted as a harmful file extension, resulting in users being unexpectedly removed from group conversations. The issue may also extend to other applications like Gaim, indicating a potential flaw in the underlying protocol or the MSN servers themselves.

References

http://securitytracker.com/id?1014444

vdb-entryx_refsource_SECTRACK

http://www.digitalparadox.org/viewadvisories.ah?view=45

x_refsource_MISC

http://www.messenger-blog.com/?p=146

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 12, 2005
Vulnerability Reserved
Jul 12, 2005