Vulnerability Note VU#166521
MSN Messenger and Windows Live Messenger webcam stream heap overflow
MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code.
MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some versions of MSN Messenger support the use of webcams. MSN Messenger and Windows Live Messenger appear to require user interaction to connect a webcam stream.
MSN Messenger and Windows Live Messenger contain a heap overflow in the handling of a malformed webcam streams. Exploit code for this vulnerability is publicly available.
By convincing a user to accept a webcam invitation, a remote attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||21 Aug 2007||28 Aug 2007|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by team509.
This document was written by Will Dormann.
- CVE IDs: CVE-2007-2931
- Date Public: 31 Jan 2007
- Date First Published: 28 Aug 2007
- Date Last Updated: 13 Sep 2007
- Severity Metric: 3.54
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.