Remote Code Execution Vulnerability in Microsoft Windows Live Messenger 2009
CVE-2010-0278

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Live Messenger
Vendor: CVE Published:; 12 January 2010

Summary

An ActiveX control in Microsoft Windows Live Messenger 2009 allows remote attackers to trigger a denial of service condition. By manipulating the ViewProfile method with specially crafted arguments during a session, an attacker can cause the application (msnmsgr.exe) to crash, disrupting the user's ability to utilize the messaging service. This vulnerability affects users on the Windows Vista and Windows 7 platforms.

References

http://www.securityfocus.com/bid/37680

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/508811/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 12, 2010
Vulnerability Reserved
Jan 12, 2010