SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Instant Messaging/IRC/Chat)  >  Windows Messenger Vendors:  Microsoft
Windows Messenger ActiveX Control Bug Lets Remote Users Obtain Information and Perform Chat Functions
SecurityTracker Alert ID:  1020681
SecurityTracker URL:  http://securitytracker.com/id?1020681
CVE Reference:  CVE-2008-0082   (Links to External Site)
Date:  Aug 12 2008
Impact:  Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Microsoft Security Bulletin
Version(s): 4.7, 5.1
Description:  A vulnerability was reported in Windows Messenger. A remote user can obtain information and initiate chat sessions.

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit an ActiveX control (Messenger.UIAutomation.1) to perform actions on the target user's Messenger client. The remote user can change state, obtain contact information, and initiate audio and video chat sessions without the knowledge of the target user. The remote user can also login to a Messenger session using the target user's identity.

The CLSID of the vulnerable control is: B69003B3-C55E-4b48-836C-BC5946FC3B28

Haifei Li of Fortinet s FortiGuard Global Security Research Team reported this vulnerability.
Impact:  A remote user can obtain information and perform chat functions.
Solution:  The vendor has issued a fix. A patch matrix is available in the vendor's advisory.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-050.mspx (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments:  2000 SP4, XP SP3, 2003 SP2; and prior service packs

Message History:   None.

 Source Message Contents
Date:  Tue, 12 Aug 2008 16:49:00 -0400
Subject:  http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx

 
 
Microsoft Security Bulletin MS08-050 – Important: Vulnerability in Windows Messenger Could Allow Info
rmation Disclosure (955702)
 
CVE-2008-0082


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC