ActiveX Control Vulnerability in Windows Messenger by Microsoft

CVE-2008-0082

Summary

An ActiveX control in Windows Messenger versions 4.7 and 5.1 is incorrectly marked as safe-for-scripting. This flaw permits remote attackers to exploit the Messenger application, altering its state and gaining access to user contact information. By leveraging unknown attack vectors, attackers may also establish unauthorized audio or video connections without the user's consent, placing sensitive information at risk.

References