Heap-based Buffer Overflow in Windows Live Messenger 8.0
CVE-2006-3250

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Live Messenger
Vendor: CVE Published:; 27 June 2006

Summary

A heap-based buffer overflow vulnerability exists in Windows Live Messenger 8.0, which could allow attackers to execute arbitrary code upon the importing of a specially crafted Contact List (.ctt) file. When the malicious file is processed, it triggers a buffer overflow, potentially compromising the user's system. This vulnerability highlights the need for caution when handling contact list files from untrusted sources.

References

http://www.jaascois.com/exploits/18602016/

x_refsource_MISC

http://www.securityfocus.com/archive/1/438442/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securitydot.net/xpl/exploits/vulnerabilities/artic...

x_refsource_MISC

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 27, 2006
Vulnerability Reserved
Jun 27, 2006