<< Back
CVE Number Vulnerability Product Severity Date
MS08-050 Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) Windows Messenger Critical 13-08-2008

Technical Information

Brief overview of the risk:
An information disclosure vulnerability exists in supported versions of Windows Messenger. Scripting of a particular ActiveX control, Messenger.UIAutomation.1, could allow information disclosure from these programs in the context of the logged-on user
Detailed Information on the risk:
An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user

Affected Software

Windows Messenger 4.7
Windows Messenger 5.1