MSN Messenger Malformed GIF Remote Overflow (deprecated)

high Nessus Network Monitor Plugin ID 2817

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Microsoft MSN Messenger. There is a flaw in this version of MSN Messenger that would allow a remote attacker to potentially execute code on the target host. The flaw is in the processing of GIF images. An attacker exploiting this flaw would need to be able to convince a user to view a GIF image (such as an emoticon or icon). Successful exploitation would lead to arbitrary code being executed on the vulnerable system.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.microsoft.com/technet/security/Bulletin/MS05-022.mspx

Plugin Details

Severity: High

ID: 2817

Published: 4/12/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:msn_messenger

Reference Information

CVE: CVE-2005-0562

BID: 13114