ActiveX Control Vulnerability in Windows Messenger by Microsoft
CVE-2008-0082

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Messenger
Vendor: CVE Published:; 13 August 2008

What is CVE-2008-0082?

An ActiveX control in Windows Messenger versions 4.7 and 5.1 is incorrectly marked as safe-for-scripting. This flaw permits remote attackers to exploit the Messenger application, altering its state and gaining access to user contact information. By leveraging unknown attack vectors, attackers may also establish unauthorized audio or video connections without the user's consent, placing sensitive information at risk.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.vupen.com/english/advisories/2008/2354

vdb-entryx_refsource_VUPEN

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Jan 3, 2008