Windows Messenger Could Allow Information Disclosure Vulnerability (955702) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-050.

Impact

Remote attackers can log on to a user's Messenger client as a user, and can initiate audio and video chat sessions without user interaction. Impact Level : Network

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

Insight

Issue is in the Messenger.UIAutomation.1 ActiveX control being marked safe-for-scripting, which allows changing state, obtain contact information and a user's login ID.

Affected

Windows Messenger 4.7 on MS Windows 2K/XP Windows Messenger 5.1 on MS Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0082

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (950759)
Cumulative Security Update for Internet Explorer (972260)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
Message Queuing Remote Code Execution Vulnerability (951071) - Remote

Take action and discover your vulnerabilities