Insecure Communication in Microsoft Windows Live Messenger Client
CVE-2008-5828

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Live Messenger
Vendor: CVE Published:; 2 January 2009

Summary

Microsoft Windows Live Messenger Client versions up to 8.5.1 are susceptible to a vulnerability that allows remote attackers to extract internal IP addresses and port numbers. This occurs during sessions using MSN Protocol Version 15 (MSNP15) over NAT, facilitating unauthorized exposure of sensitive network configuration details through specific header fields.

References

http://securityreason.com/securityalert/4862

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/499624/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 2, 2009
Vulnerability Reserved
Jan 2, 2009