Windows : Microsoft Windows Messenger Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11429

Categoría: Windows

Título: Microsoft Windows Messenger Multiple Vulnerabilities

Resumen: Microsoft Windows Messenger is prone to multiple vulnerabilities.

Descripción: Summary:
Microsoft Windows Messenger is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Buffer overflow in Setup ActiveX control (setupbbs.ocx), allows ttacker to execute commands via
the methods vAddNewsServer or bIsNewsServerConfigured.

- An error in 'ActiveX' object allows attacker to disclosure information.

- An error in the authentication mechanisms, allows remote attacker to spoof messages.

- An error in 'Font' tag and in 'Invite' request allows remote attacker to cause denial of service.

Vulnerability Impact:
Successful exploitation could allow attackers to bypass certain
security restrictions, execute arbitrary code in the context of the browser or cause a denial of
service.

Affected Software/OS:
- Microsoft MSN Messenger Service 1.x, 2.0.x, 2.2.x, 3.0.x, 3.6.x

- Microsoft MSN Messenger Service 4.0.x to 4.6.x

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-1999-1484
BugTraq ID: 668
http://www.securityfocus.com/bid/668
Bugtraq: 19990924 Several ActiveX Buffer Overruns (Google Search)
http://www.securityfocus.com/archive/1/28719
XForce ISS Database: msn-setup-bbs-activex-bo(3310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/3310
Common Vulnerability Exposure (CVE) ID: CVE-2002-0228
BugTraq ID: 4028
http://www.securityfocus.com/bid/4028
Bugtraq: 20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too) (Google Search)
http://online.securityfocus.com/archive/1/254021
http://www.iss.net/security_center/static/8084.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0472
BugTraq ID: 4316
http://www.securityfocus.com/bid/4316
Bugtraq: 20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging (Google Search)
http://www.securityfocus.com/archive/1/262906
http://www.encode-sec.com/esp0202.pdf
http://www.iss.net/security_center/static/8582.php

Copyright Copyright (C) 2003 Xue Yong Zhi

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11429
Categoría:	Windows
Título:	Microsoft Windows Messenger Multiple Vulnerabilities
Resumen:	Microsoft Windows Messenger is prone to multiple vulnerabilities.
Descripción:	Summary: Microsoft Windows Messenger is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Buffer overflow in Setup ActiveX control (setupbbs.ocx), allows ttacker to execute commands via the methods vAddNewsServer or bIsNewsServerConfigured. - An error in 'ActiveX' object allows attacker to disclosure information. - An error in the authentication mechanisms, allows remote attacker to spoof messages. - An error in 'Font' tag and in 'Invite' request allows remote attacker to cause denial of service. Vulnerability Impact: Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service. Affected Software/OS: - Microsoft MSN Messenger Service 1.x, 2.0.x, 2.2.x, 3.0.x, 3.6.x - Microsoft MSN Messenger Service 4.0.x to 4.6.x Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-1999-1484 BugTraq ID: 668 http://www.securityfocus.com/bid/668 Bugtraq: 19990924 Several ActiveX Buffer Overruns (Google Search) http://www.securityfocus.com/archive/1/28719 XForce ISS Database: msn-setup-bbs-activex-bo(3310) https://exchange.xforce.ibmcloud.com/vulnerabilities/3310 Common Vulnerability Exposure (CVE) ID: CVE-2002-0228 BugTraq ID: 4028 http://www.securityfocus.com/bid/4028 Bugtraq: 20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too) (Google Search) http://online.securityfocus.com/archive/1/254021 http://www.iss.net/security_center/static/8084.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0472 BugTraq ID: 4316 http://www.securityfocus.com/bid/4316 Bugtraq: 20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging (Google Search) http://www.securityfocus.com/archive/1/262906 http://www.encode-sec.com/esp0202.pdf http://www.iss.net/security_center/static/8582.php
Copyright	Copyright (C) 2003 Xue Yong Zhi