Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Messenger
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0082 1 Microsoft 1 Windows Messenger 2024-02-28 10.0 HIGH N/A
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
CVE-2004-0597 2 Greg Roelofs, Microsoft 6 Libpng, Msn Messenger, Windows 98se and 3 more 2024-02-28 10.0 HIGH N/A
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.