Content
(MS08-050) Microsoft Messenger Information Disclosure Vulnerability (946648)
- Type
- Logic error
- Impact of exploitation
- Information disclosure
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2008-0082,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows Messenger 4.7,
- Windows Messenger 5.1,
- MSN Messenger 7.0.0820,
- Windows Live Messenger 8.1,
- Windows Live Messenger 8.5,
- Summary
- A vulnerability is present in Microsoft MSN Messenger, Windows Messenger, and Live Messenger that could allow for disclosure of sensitive information. Exploitation could occur by visiting a malicious Web site.
Tab Navigation
Description
Microsoft MSN Messenger, Windows Messenger, and Live Messenger provide instant messaging fucntionality. A vulnerability is present in Microsoft MSN Messenger, Windows Messenger, and Live Messenger that could allow for disclosure of sensitive information. The flaw lies in the Messenger.UIAutomation.1 ActiveX control. Successful exploitation would allow the disclosure of the victim's login ID, initiate sessions, and obtain contact information.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (955702): http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-050) Microsoft Messenger Information Disclosure Vulnerability (946648)
- Signature identifier:
- 6063
- Release date:
- 8/12/2008
Additional Resources
Microsoft Security Bulletin: Vulnerability in Windows Messenger, MSN Messenger, and Windows Live Messenger Could Allow Information Disclosure (955702)
http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx
All Information
Timeline -
8/12/2008
Vendor has provided a patch.
Description -
Microsoft MSN Messenger, Windows Messenger, and Live Messenger provide instant messaging fucntionality. A vulnerability is present in Microsoft MSN Messenger, Windows Messenger, and Live Messenger that could allow for disclosure of sensitive information. The flaw lies in the Messenger.UIAutomation.1 ActiveX control. Successful exploitation would allow the disclosure of the victim's login ID, initiate sessions, and obtain contact information.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (955702): http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-050) Microsoft Messenger Information Disclosure Vulnerability (946648)
- Signature identifier:
- 6063
- Release date:
- 8/12/2008
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Windows Messenger, MSN Messenger, and Windows Live Messenger Could Allow Information Disclosure (955702)
http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx
