Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
BID:30551
Info
Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
| Bugtraq ID: | 30551 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 12 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Haifei Li (cocoruder) of the Fortinet Security Research Team |
| Vulnerable: |
Microsoft Windows Messenger 5.1 Microsoft Windows Messenger 4.7 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
Microsoft Windows Messenger is prone to an information-disclosure vulnerability.
An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious HTML page.
Successfully exploiting this issue allows remote attackers to obtain sensitive information that may aid in further attacks.
Microsoft Windows Messenger is prone to an information-disclosure vulnerability.
An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious HTML page.
Successfully exploiting this issue allows remote attackers to obtain sensitive information that may aid in further attacks.
Exploit / POC
Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
Solution:
The vendor has released updates and an advisory. Please see the references for more information.
Microsoft Windows Messenger 4.7
Solution:
The vendor has released updates and an advisory. Please see the references for more information.
Microsoft Windows Messenger 4.7
-
Microsoft Security Update for Windows Server 2003 (KB954723)
http://www.microsoft.com/downloads/details.aspx?FamilyID=302315a8-ccb2 -47c2-9104-b8e1d1f49aa0&displaylang=en -
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB954723)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e4b72618-536b -4a21-bd91-d91be9ca24e5 -
Microsoft Security Update for Windows Server 2003 x64 Edition (KB954723)
http://www.microsoft.com/downloads/details.aspx?FamilyID=be94d138-7d7b -489e-baa6-e214950be6b9&displaylang=en -
Microsoft Security Update for Windows XP (KB946648)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8f588f7e-c4ed -42a0-b157-54b1eda60474 -
Microsoft Security Update for Windows XP x64 Edition (KB946648)
http://www.microsoft.com/downloads/details.aspx?FamilyID=a5fc5457-832f -4ee8-be60-4cc8518d1c10
References
Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Microsoft Windows Messenger Homepage (Microsoft)
- Windows Messenger Remote Illegal Access Vulnerability (cocoruder(frankruder_at_hotmail.com))
- Microsoft Security Bulletin MS08-050 �?? Important (Microsoft)