Microsoft MSN Messenger and Windows Live Messenger Remote Code Execution Vulnerability (942099) (deprecated)
high Nessus Network Monitor Plugin ID 4210
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
Arbitrary code can be executed on the remote host through MSN and Windows Live Messenger.Description
The remote host is running MSN Messenger or Windows Live Messenger. The version of Messenger used on the remote host is vulnerable to a remote buffer overflow in the way it handles webcam and video chat sessions. An attacker may exploit this vulnerability to execute arbitrary code on the remote host.Solution
Upgrade or patch according to vendor recommendations.See Also
http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx
Plugin Details
Severity: High
ID: 4210
Family: Internet Messengers
Published: 9/11/2007
Updated: 9/16/2018
Dependencies: 4196
Nessus ID: 26019
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Reference Information
CVE: CVE-2007-2931