Buffer Overflow Vulnerability in Windows Live Messenger by Microsoft
CVE-2007-5144

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Live Messenger
Vendor: CVE Published:; 1 October 2007

What is CVE-2007-5144?

A buffer overflow flaw exists in the GDI engine of Windows Live Messenger, which can potentially allow user-assisted remote attackers to execute arbitrary code. This vulnerability is triggered when a malformed file is placed in a new folder under the Sharing Folders path, leading to a denial of service through application or system crashes. This vulnerability may involve specific file types such as .jpg, .gif, .wmf, .doc, or .ico, and is associated with an incomplete fix from prior security updates.

References

http://osvdb.org/45523

vdb-entryx_refsource_OSVDB

http://lostmon.blogspot.com/2007/09/windows-live-messenge...

x_refsource_MISC

http://www.securityfocus.com/bid/25795

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 1, 2007
Vulnerability Reserved
Sep 30, 2007