Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MSN Messenger Malformed Invite Request Remote DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The remote host is running Microsoft MSN Messenger. Certain versions of MSN messenger are vulnerable to a Denial of Service attack. Specifically, a message received with a malformed invite request containing HTML-encoded space characters (%20) in the Invitation-Cookie field may cause an MSN client to crash. A remote attacker may use this vulnerability to create a Denial of Service attack.

Solution

Upgrade to the latest version of MSN Messenger.