| Vulnerability Name: | CVE-2010-0278 (CCN-55483) | ||||||||
| Assigned: | 2010-01-08 | ||||||||
| Published: | 2010-01-08 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:UR)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Jan 08 2010 [HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability Source: MITRE Type: CNA CVE-2010-0278 Source: CCN Type: Windows Live Messenger Web site Messenger - Windows Live Source: CCN Type: OSVDB ID: 61676 Microsoft Windows Live Messenger msnmsgr.exe ActiveX (msgsc.14.0.8089.726.dll) ViewProfile Method MSN Messenger Session Remote DoS Source: BUGTRAQ Type: UNKNOWN 20100108 [HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability Source: BID Type: Exploit 37680 Source: CCN Type: BID-37680 RETIRED: Windows Live Messenger 'ViewProfile()' Method ActiveX Control Buffer Overflow Vulnerability Source: XF Type: UNKNOWN ms-messenger-viewprofile-dos(55483) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||