Executive Summary
Summary | |
---|---|
Title | Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099) |
Informations | |||
---|---|---|---|
Name | MS07-054 | First vendor Publication | 2007-09-11 |
Vendor | Microsoft | Last vendor Modification | 2007-09-11 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This important security update resolves a publicly disclosed vulnerability in MSN Messenger and Windows Live Messenger. The vulnerability could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2063 | |||
Oval ID: | oval:org.mitre.oval:def:2063 | ||
Title: | Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution | ||
Description: | Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-2931 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | MSN Messenger |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40126 | MSN Messenger Video Conversation Handling Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt RuleID : 20554 - Revision : 10 - Type : PUA-OTHER |
2014-01-10 | Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt RuleID : 17551 - Revision : 11 - Type : PUA-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-09-11 | Name : Arbitrary code can be executed on the remote host through Messenger service. File : smb_nt_ms07-054.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:46 |
|
2013-05-11 12:22:03 |
|