Microsoft Windows Messenger Information Disclosure Vulnerability( 13 August 2008 )
Last Update Date:
28 Jan 2011
Release Date:
13 Aug 2008
4684
Views
RISK: Medium Risk
An information disclosure vulnerability exists in supported versions of Windows Messenger. Scripting of a particular ActiveX control, Messenger.UIAutomation.1, could allow information disclosure from these programs in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user's logon ID and remotely log on to the user's Messenger client as that user.
Impact
- Information Disclosure
System / Technologies affected
- Windows Messenger 4.7
- Windows Messenger 5.1
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows Messenger 4.7
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Windows Messenger 5.1
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Vulnerability Identifier
Source
Related Link
Share with