Windows : Microsoft Bulletins : Windows Messenger Could Allow Information Disclosure Vulnerability (955702)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900034

Category: Windows : Microsoft Bulletins

Title: Windows Messenger Could Allow Information Disclosure Vulnerability (955702)

Summary: This host is missing a critical security update according to; Microsoft Bulletin MS08-050.

Description: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-050.

Vulnerability Insight:
Issue is in the Messenger.UIAutomation.1 ActiveX control being marked
safe-for-scripting, which allows changing state, obtain contact information and a user's login ID.

Vulnerability Impact:
Remote attackers can log on to a user's Messenger client as a user,
and can initiate audio and video chat sessions without user interaction.

Affected Software/OS:
- Microsoft Windows Messenger 4.7 on Microsoft Windows 2K/XP

- Microsoft Windows Messenger 5.1 on Microsoft Windows 2K/XP/2003

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0082
BugTraq ID: 30551
http://www.securityfocus.com/bid/30551
Bugtraq: 20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495467/100/0/threaded
Cert/CC Advisory: TA08-225A
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
HPdes Security Advisory: HPSBST02360
http://marc.info/?l=bugtraq&m=121915960406986&w=2
HPdes Security Advisory: SSRT080117
Microsoft Security Bulletin: MS08-050
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995
http://www.securitytracker.com/id?1020681
http://secunia.com/advisories/31446
http://www.vupen.com/english/advisories/2008/2354

Copyright Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900034
Category:	Windows : Microsoft Bulletins
Title:	Windows Messenger Could Allow Information Disclosure Vulnerability (955702)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS08-050.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-050. Vulnerability Insight: Issue is in the Messenger.UIAutomation.1 ActiveX control being marked safe-for-scripting, which allows changing state, obtain contact information and a user's login ID. Vulnerability Impact: Remote attackers can log on to a user's Messenger client as a user, and can initiate audio and video chat sessions without user interaction. Affected Software/OS: - Microsoft Windows Messenger 4.7 on Microsoft Windows 2K/XP - Microsoft Windows Messenger 5.1 on Microsoft Windows 2K/XP/2003 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0082 BugTraq ID: 30551 http://www.securityfocus.com/bid/30551 Bugtraq: 20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability (Google Search) http://www.securityfocus.com/archive/1/495467/100/0/threaded Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 Microsoft Security Bulletin: MS08-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995 http://www.securitytracker.com/id?1020681 http://secunia.com/advisories/31446 http://www.vupen.com/english/advisories/2008/2354
Copyright	Copyright (C) 2008 Greenbone AG