MSN Messenger Malformed GIF Remote Overflow (deprecated)

high Nessus Network Monitor Plugin ID 2817


The remote host is vulnerable to a buffer overflow.


The remote host is running Microsoft MSN Messenger. There is a flaw in this version of MSN Messenger that would allow a remote attacker to potentially execute code on the target host. The flaw is in the processing of GIF images. An attacker exploiting this flaw would need to be able to convince a user to view a GIF image (such as an emoticon or icon). Successful exploitation would lead to arbitrary code being executed on the vulnerable system.


Upgrade or patch according to vendor recommendations.

See Also

Plugin Details

Severity: High

ID: 2817

Published: 4/12/2005

Updated: 3/6/2019

Dependencies: 2599

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:microsoft:msn_messenger:*:*:*:*:*:*:*:*

Reference Information

CVE: CVE-2005-0562

BID: 13114