Denial of Service Vulnerability in Microsoft Windows Live Messenger
CVE-2006-6252

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Live Messenger
Vendor: CVE Published:; 4 December 2006

Summary

A vulnerability exists in Microsoft Windows Live Messenger 8.0 and earlier versions that can be exploited by remote attackers. If users have gestual emoticons enabled, an attacker can send a specially crafted long string of ':D' sequences, which are interpreted as emoticons. This can lead to excessive CPU consumption and result in a denial of service, disrupting the normal operation of the application for the user.

References

http://www.securityfocus.com/archive/1/452645/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/452620/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 4, 2006
Vulnerability Reserved
Dec 3, 2006