Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for msn_messenger by microsoft

    CVE-2007-2931 (GCVE-0-2007-2931)

    Vulnerability from nvd – Published: 2007-08-31 22:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26570 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25461 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2987 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018622 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.team509.com/modules.php?name=News&file… x_refsource_MISC
    http://osvdb.org/40126 vdb-entryx_refsource_OSVDB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA07-254A.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/166521 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2007-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26570",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26570"
              },
              {
                "name": "msnmessenger-video-bo(36314)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
              },
              {
                "name": "25461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25461"
              },
              {
                "name": "ADV-2007-2987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2987"
              },
              {
                "name": "1018622",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018622"
              },
              {
                "name": "oval:org.mitre.oval:def:2063",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
              },
              {
                "name": "40126",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40126"
              },
              {
                "name": "MS07-054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
              },
              {
                "name": "TA07-254A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
              },
              {
                "name": "VU#166521",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/166521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "26570",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26570"
            },
            {
              "name": "msnmessenger-video-bo(36314)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
            },
            {
              "name": "25461",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25461"
            },
            {
              "name": "ADV-2007-2987",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2987"
            },
            {
              "name": "1018622",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018622"
            },
            {
              "name": "oval:org.mitre.oval:def:2063",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
            },
            {
              "name": "40126",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40126"
            },
            {
              "name": "MS07-054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
            },
            {
              "name": "TA07-254A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
            },
            {
              "name": "VU#166521",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/166521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2007-2931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26570",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26570"
                },
                {
                  "name": "msnmessenger-video-bo(36314)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
                },
                {
                  "name": "25461",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25461"
                },
                {
                  "name": "ADV-2007-2987",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2987"
                },
                {
                  "name": "1018622",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018622"
                },
                {
                  "name": "oval:org.mitre.oval:def:2063",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
                },
                {
                  "name": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50",
                  "refsource": "MISC",
                  "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
                },
                {
                  "name": "40126",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40126"
                },
                {
                  "name": "MS07-054",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
                },
                {
                  "name": "TA07-254A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
                },
                {
                  "name": "VU#166521",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/166521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2007-2931",
        "datePublished": "2007-08-31T22:00:00.000Z",
        "dateReserved": "2007-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3436 (GCVE-0-2007-3436)

    Vulnerability from nvd – Published: 2007-06-27 00:00 – Updated: 2024-08-07 14:14
    VLAI
    Summary
    Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:14:13.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45427"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=292\u0026"
              },
              {
                "name": "msnmessenger-sip-weak-security(35064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45427",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45427"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=292\u0026"
            },
            {
              "name": "msnmessenger-sip-weak-security(35064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45427",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45427"
                },
                {
                  "name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=292\u0026",
                  "refsource": "MISC",
                  "url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=292\u0026"
                },
                {
                  "name": "msnmessenger-sip-weak-security(35064)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3436",
        "datePublished": "2007-06-27T00:00:00.000Z",
        "dateReserved": "2007-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:14:13.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0363 (GCVE-0-2006-0363)

    Vulnerability from nvd – Published: 2006-01-22 20:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/421921/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/422283/100… mailing-listx_refsource_BUGTRAQ
    http://www.msn-password-recovery.com/ x_refsource_MISC
    Date Public
    2006-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
              },
              {
                "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.msn-password-recovery.com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Remember my Password\" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the \"MSN Password Recovery.exe\" program.  NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort.  Perhaps this issue should not be included in CVE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
            },
            {
              "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.msn-password-recovery.com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Remember my Password\" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the \"MSN Password Recovery.exe\" program.  NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort.  Perhaps this issue should not be included in CVE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
                },
                {
                  "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
                },
                {
                  "name": "http://www.msn-password-recovery.com/",
                  "refsource": "MISC",
                  "url": "http://www.msn-password-recovery.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0363",
        "datePublished": "2006-01-22T20:00:00.000Z",
        "dateReserved": "2006-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0562 (GCVE-0-2005-0562)

    Vulnerability from nvd – Published: 2005-04-13 04:00 – Updated: 2024-08-07 21:21
    VLAI
    Summary
    GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/633446 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/14915/ third-party-advisoryx_refsource_SECUNIA
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA05-102A.html third-party-advisoryx_refsource_CERT
    Date Public
    2005-04-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:21:05.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "msn-messenger-gif-execute-code(19950)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
              },
              {
                "name": "VU#633446",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/633446"
              },
              {
                "name": "14915",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14915/"
              },
              {
                "name": "MS05-022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
              },
              {
                "name": "oval:org.mitre.oval:def:4927",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
              },
              {
                "name": "TA05-102A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-04-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user\u0027s contact list to execute arbitrary code via a GIF image with an improper height and width."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "msn-messenger-gif-execute-code(19950)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
            },
            {
              "name": "VU#633446",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/633446"
            },
            {
              "name": "14915",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14915/"
            },
            {
              "name": "MS05-022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
            },
            {
              "name": "oval:org.mitre.oval:def:4927",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
            },
            {
              "name": "TA05-102A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2005-0562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user\u0027s contact list to execute arbitrary code via a GIF image with an improper height and width."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "msn-messenger-gif-execute-code(19950)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
                },
                {
                  "name": "VU#633446",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/633446"
                },
                {
                  "name": "14915",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14915/"
                },
                {
                  "name": "MS05-022",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
                },
                {
                  "name": "oval:org.mitre.oval:def:4927",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
                },
                {
                  "name": "TA05-102A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2005-0562",
        "datePublished": "2005-04-13T04:00:00.000Z",
        "dateReserved": "2005-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:21:05.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0597 (GCVE-0-2004-0597)

    Vulnerability from nvd – Published: 2004-08-05 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.trustix.net/errata/2004/0040/ vendor-advisoryx_refsource_TRUSTIX
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mozilla.org/projects/security/known-vu… x_refsource_CONFIRM
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.redhat.com/support/errata/RHSA-2004-421.html vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2004-402.html vendor-advisoryx_refsource_REDHAT
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/22958 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=109900315219363&w=2 vendor-advisoryx_refsource_FEDORA
    https://bugzilla.fedora.us/show_bug.cgi?id=1943 vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA05-039A.html third-party-advisoryx_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=109761239318458&w=2 vendor-advisoryx_refsource_SCO
    http://scary.beasts.org/security/CESA-2004-001.txt x_refsource_MISC
    http://www.redhat.com/support/errata/RHSA-2004-429.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/15495 vdb-entryx_refsource_BID
    http://www.debian.org/security/2004/dsa-536 vendor-advisoryx_refsource_DEBIAN
    http://www.kb.cert.org/vuls/id/388984 third-party-advisoryx_refsource_CERT-VN
    http://lists.apple.com/mhonarc/security-announce/… vendor-advisoryx_refsource_APPLE
    http://www.kb.cert.org/vuls/id/817368 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=109163866717909&w=2 mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=109181639602978&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.us-cert.gov/cas/techalerts/TA04-217A.html third-party-advisoryx_refsource_CERT
    http://www.adobe.com/support/downloads/detail.jsp… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://marc.info/?l=bugtraq&m=110796779903455&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    http://www.securityfocus.com/bid/10857 vdb-entryx_refsource_BID
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://secunia.com/advisories/22957 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2004-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:26.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2004-0040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.net/errata/2004/0040/"
              },
              {
                "name": "200663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
              },
              {
                "name": "oval:org.mitre.oval:def:2274",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
              },
              {
                "name": "SCOSA-2005.49",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
              },
              {
                "name": "RHSA-2004:421",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
              },
              {
                "name": "RHSA-2004:402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
              },
              {
                "name": "GLSA-200408-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
              },
              {
                "name": "22958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
              },
              {
                "name": "FLSA:2089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
              },
              {
                "name": "FLSA:1943",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
              },
              {
                "name": "oval:org.mitre.oval:def:594",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
              },
              {
                "name": "TA05-039A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
              },
              {
                "name": "libpng-pnghandle-bo(16894)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
              },
              {
                "name": "SCOSA-2004.16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
              },
              {
                "name": "RHSA-2004:429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2378",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
              },
              {
                "name": "15495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15495"
              },
              {
                "name": "DSA-536",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-536"
              },
              {
                "name": "VU#388984",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/388984"
              },
              {
                "name": "APPLE-SA-2004-09-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
              },
              {
                "name": "VU#817368",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/817368"
              },
              {
                "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:4492",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
              },
              {
                "name": "SSRT4778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
              },
              {
                "name": "MS05-009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
              },
              {
                "name": "MDKSA-2006:213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
              },
              {
                "name": "TA04-217A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
              },
              {
                "name": "oval:org.mitre.oval:def:7709",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
              },
              {
                "name": "MDKSA-2006:212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
              },
              {
                "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
              },
              {
                "name": "CLA-2004:856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
              },
              {
                "name": "10857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10857"
              },
              {
                "name": "SUSE-SA:2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
              },
              {
                "name": "GLSA-200408-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:11284",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
              },
              {
                "name": "MDKSA-2004:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
              },
              {
                "name": "22957",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2004-0040",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.net/errata/2004/0040/"
            },
            {
              "name": "200663",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
            },
            {
              "name": "oval:org.mitre.oval:def:2274",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
            },
            {
              "name": "SCOSA-2005.49",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
            },
            {
              "name": "RHSA-2004:421",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
            },
            {
              "name": "RHSA-2004:402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
            },
            {
              "name": "GLSA-200408-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
            },
            {
              "name": "22958",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
            },
            {
              "name": "FLSA:2089",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
            },
            {
              "name": "FLSA:1943",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
            },
            {
              "name": "oval:org.mitre.oval:def:594",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
            },
            {
              "name": "TA05-039A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
            },
            {
              "name": "libpng-pnghandle-bo(16894)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
            },
            {
              "name": "SCOSA-2004.16",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
            },
            {
              "name": "RHSA-2004:429",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2378",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
            },
            {
              "name": "15495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15495"
            },
            {
              "name": "DSA-536",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-536"
            },
            {
              "name": "VU#388984",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/388984"
            },
            {
              "name": "APPLE-SA-2004-09-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
            },
            {
              "name": "VU#817368",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/817368"
            },
            {
              "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:4492",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
            },
            {
              "name": "SSRT4778",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
            },
            {
              "name": "MS05-009",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
            },
            {
              "name": "MDKSA-2006:213",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
            },
            {
              "name": "TA04-217A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
            },
            {
              "name": "oval:org.mitre.oval:def:7709",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
            },
            {
              "name": "MDKSA-2006:212",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
            },
            {
              "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
            },
            {
              "name": "CLA-2004:856",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
            },
            {
              "name": "10857",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10857"
            },
            {
              "name": "SUSE-SA:2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
            },
            {
              "name": "GLSA-200408-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:11284",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
            },
            {
              "name": "MDKSA-2004:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
            },
            {
              "name": "22957",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2004-0040",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.net/errata/2004/0040/"
                },
                {
                  "name": "200663",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
                },
                {
                  "name": "oval:org.mitre.oval:def:2274",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
                },
                {
                  "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
                },
                {
                  "name": "SCOSA-2005.49",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
                },
                {
                  "name": "RHSA-2004:421",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
                },
                {
                  "name": "RHSA-2004:402",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
                },
                {
                  "name": "GLSA-200408-22",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
                },
                {
                  "name": "22958",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22958"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
                },
                {
                  "name": "FLSA:2089",
                  "refsource": "FEDORA",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
                },
                {
                  "name": "FLSA:1943",
                  "refsource": "FEDORA",
                  "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
                },
                {
                  "name": "oval:org.mitre.oval:def:594",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
                },
                {
                  "name": "TA05-039A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
                },
                {
                  "name": "libpng-pnghandle-bo(16894)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
                },
                {
                  "name": "SCOSA-2004.16",
                  "refsource": "SCO",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
                },
                {
                  "name": "http://scary.beasts.org/security/CESA-2004-001.txt",
                  "refsource": "MISC",
                  "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
                },
                {
                  "name": "RHSA-2004:429",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2378",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
                },
                {
                  "name": "15495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15495"
                },
                {
                  "name": "DSA-536",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-536"
                },
                {
                  "name": "VU#388984",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/388984"
                },
                {
                  "name": "APPLE-SA-2004-09-09",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
                },
                {
                  "name": "VU#817368",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/817368"
                },
                {
                  "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:4492",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
                },
                {
                  "name": "SSRT4778",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
                },
                {
                  "name": "MS05-009",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
                },
                {
                  "name": "MDKSA-2006:213",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
                },
                {
                  "name": "TA04-217A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
                },
                {
                  "name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679",
                  "refsource": "CONFIRM",
                  "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
                },
                {
                  "name": "oval:org.mitre.oval:def:7709",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
                },
                {
                  "name": "MDKSA-2006:212",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
                },
                {
                  "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
                },
                {
                  "name": "CLA-2004:856",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
                },
                {
                  "name": "10857",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10857"
                },
                {
                  "name": "SUSE-SA:2004:023",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
                },
                {
                  "name": "GLSA-200408-03",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:11284",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
                },
                {
                  "name": "MDKSA-2004:079",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
                },
                {
                  "name": "22957",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0597",
        "datePublished": "2004-08-05T04:00:00.000Z",
        "dateReserved": "2004-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:26.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0122 (GCVE-0-2004-0122)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9828 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.kb.cert.org/vuls/id/688094 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9828",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9828"
              },
              {
                "name": "MS04-010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
              },
              {
                "name": "VU#688094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/688094"
              },
              {
                "name": "msn-ms04010-patch(15427)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
              },
              {
                "name": "oval:org.mitre.oval:def:844",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
              },
              {
                "name": "msn-request-view-files(15415)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-11-01T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9828",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9828"
            },
            {
              "name": "MS04-010",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
            },
            {
              "name": "VU#688094",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/688094"
            },
            {
              "name": "msn-ms04010-patch(15427)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
            },
            {
              "name": "oval:org.mitre.oval:def:844",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
            },
            {
              "name": "msn-request-view-files(15415)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0122",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9828",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9828"
                },
                {
                  "name": "MS04-010",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
                },
                {
                  "name": "VU#688094",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/688094"
                },
                {
                  "name": "msn-ms04010-patch(15427)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
                },
                {
                  "name": "oval:org.mitre.oval:def:844",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
                },
                {
                  "name": "msn-request-view-files(15415)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0122",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1831 (GCVE-0-2002-1831)

    Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-17 00:02
    VLAI
    Summary
    Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9161.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/4827 vdb-entryx_refsource_BID
    http://online.securityfocus.com/archive/1/274086 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "msn-invite-dos(9161)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9161.php"
              },
              {
                "name": "4827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4827"
              },
              {
                "name": "20020523 Re: Misformated message header causes msn messenger to crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/274086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "msn-invite-dos(9161)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9161.php"
            },
            {
              "name": "4827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4827"
            },
            {
              "name": "20020523 Re: Misformated message header causes msn messenger to crash",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/274086"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1831",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "msn-invite-dos(9161)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9161.php"
                },
                {
                  "name": "4827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4827"
                },
                {
                  "name": "20020523 Re: Misformated message header causes msn messenger to crash",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/274086"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1831",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-17T00:02:12.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1698 (GCVE-0-2002-1698)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4675 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/271130 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:55.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4675"
              },
              {
                "name": "msn-font-header-bo(9014)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
              },
              {
                "name": "20020506 Misformated message header causes msn messenger to crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/271130"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4675",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4675"
            },
            {
              "name": "msn-font-header-bo(9014)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
            },
            {
              "name": "20020506 Misformated message header causes msn messenger to crash",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/271130"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1698",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4675",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4675"
                },
                {
                  "name": "msn-font-header-bo(9014)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
                },
                {
                  "name": "20020506 Misformated message header causes msn messenger to crash",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/271130"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1698",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:55.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0472 (GCVE-0-2002-0472)

    Vulnerability from nvd – Published: 2002-06-11 04:00 – Updated: 2024-08-08 02:49
    VLAI
    Summary
    MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:49:28.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/262906"
              },
              {
                "name": "msn-messenger-message-spoofing(8582)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8582.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.encode-sec.com/esp0202.pdf"
              },
              {
                "name": "4316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-06-15T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/262906"
            },
            {
              "name": "msn-messenger-message-spoofing(8582)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8582.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.encode-sec.com/esp0202.pdf"
            },
            {
              "name": "4316",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/262906"
                },
                {
                  "name": "msn-messenger-message-spoofing(8582)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8582.php"
                },
                {
                  "name": "http://www.encode-sec.com/esp0202.pdf",
                  "refsource": "MISC",
                  "url": "http://www.encode-sec.com/esp0202.pdf"
                },
                {
                  "name": "4316",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0472",
        "datePublished": "2002-06-11T04:00:00.000Z",
        "dateReserved": "2002-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:49:28.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0155 (GCVE-0-2002-0155)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42
    VLAI
    Summary
    Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4707 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2002-13.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.iss.net/security_center/static/9041.php vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=102089960531919&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:42:27.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4707",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4707"
              },
              {
                "name": "CA-2002-13",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2002-13.html"
              },
              {
                "name": "MS02-022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
              },
              {
                "name": "msn-chatcontrol-resdll-bo(9041)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9041.php"
              },
              {
                "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4707",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4707"
            },
            {
              "name": "CA-2002-13",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-13.html"
            },
            {
              "name": "MS02-022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
            },
            {
              "name": "msn-chatcontrol-resdll-bo(9041)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9041.php"
            },
            {
              "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4707",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4707"
                },
                {
                  "name": "CA-2002-13",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2002-13.html"
                },
                {
                  "name": "MS02-022",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
                },
                {
                  "name": "msn-chatcontrol-resdll-bo(9041)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9041.php"
                },
                {
                  "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0155",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:42:27.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0228 (GCVE-0-2002-0228)

    Vulnerability from nvd – Published: 2002-05-03 04:00 – Updated: 2024-08-08 02:42
    VLAI
    Summary
    Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://online.securityfocus.com/archive/1/254021 mailing-listx_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/8084.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/4028 vdb-entryx_refsource_BID
    Date Public
    2002-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:42:28.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/254021"
              },
              {
                "name": "msn-messenger-reveal-information(8084)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8084.php"
              },
              {
                "name": "4028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-05-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/254021"
            },
            {
              "name": "msn-messenger-reveal-information(8084)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8084.php"
            },
            {
              "name": "4028",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4028"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/254021"
                },
                {
                  "name": "msn-messenger-reveal-information(8084)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8084.php"
                },
                {
                  "name": "4028",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4028"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0228",
        "datePublished": "2002-05-03T04:00:00.000Z",
        "dateReserved": "2002-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:42:28.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2931 (GCVE-0-2007-2931)

    Vulnerability from cvelistv5 – Published: 2007-08-31 22:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26570 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25461 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2987 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018622 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.team509.com/modules.php?name=News&file… x_refsource_MISC
    http://osvdb.org/40126 vdb-entryx_refsource_OSVDB
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA07-254A.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/166521 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2007-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26570",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26570"
              },
              {
                "name": "msnmessenger-video-bo(36314)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
              },
              {
                "name": "25461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25461"
              },
              {
                "name": "ADV-2007-2987",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2987"
              },
              {
                "name": "1018622",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018622"
              },
              {
                "name": "oval:org.mitre.oval:def:2063",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
              },
              {
                "name": "40126",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40126"
              },
              {
                "name": "MS07-054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
              },
              {
                "name": "TA07-254A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
              },
              {
                "name": "VU#166521",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/166521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "26570",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26570"
            },
            {
              "name": "msnmessenger-video-bo(36314)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
            },
            {
              "name": "25461",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25461"
            },
            {
              "name": "ADV-2007-2987",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2987"
            },
            {
              "name": "1018622",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018622"
            },
            {
              "name": "oval:org.mitre.oval:def:2063",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
            },
            {
              "name": "40126",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40126"
            },
            {
              "name": "MS07-054",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
            },
            {
              "name": "TA07-254A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
            },
            {
              "name": "VU#166521",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/166521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2007-2931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26570",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26570"
                },
                {
                  "name": "msnmessenger-video-bo(36314)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36314"
                },
                {
                  "name": "25461",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25461"
                },
                {
                  "name": "ADV-2007-2987",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2987"
                },
                {
                  "name": "1018622",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018622"
                },
                {
                  "name": "oval:org.mitre.oval:def:2063",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2063"
                },
                {
                  "name": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50",
                  "refsource": "MISC",
                  "url": "http://www.team509.com/modules.php?name=News\u0026file=article\u0026sid=50"
                },
                {
                  "name": "40126",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40126"
                },
                {
                  "name": "MS07-054",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-054"
                },
                {
                  "name": "TA07-254A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"
                },
                {
                  "name": "VU#166521",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/166521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2007-2931",
        "datePublished": "2007-08-31T22:00:00.000Z",
        "dateReserved": "2007-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3436 (GCVE-0-2007-3436)

    Vulnerability from cvelistv5 – Published: 2007-06-27 00:00 – Updated: 2024-08-07 14:14
    VLAI
    Summary
    Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:14:13.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45427"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=292\u0026"
              },
              {
                "name": "msnmessenger-sip-weak-security(35064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45427",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45427"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sipera.com/index.php?action=resources%2Cthreat_advisory\u0026tid=292\u0026"
            },
            {
              "name": "msnmessenger-sip-weak-security(35064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45427",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45427"
                },
                {
                  "name": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=292\u0026",
                  "refsource": "MISC",
                  "url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=292\u0026"
                },
                {
                  "name": "msnmessenger-sip-weak-security(35064)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3436",
        "datePublished": "2007-06-27T00:00:00.000Z",
        "dateReserved": "2007-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:14:13.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0363 (GCVE-0-2006-0363)

    Vulnerability from cvelistv5 – Published: 2006-01-22 20:00 – Updated: 2024-08-07 16:34
    VLAI
    Summary
    The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/421921/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/422283/100… mailing-listx_refsource_BUGTRAQ
    http://www.msn-password-recovery.com/ x_refsource_MISC
    Date Public
    2006-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:34:14.654Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
              },
              {
                "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.msn-password-recovery.com/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"Remember my Password\" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the \"MSN Password Recovery.exe\" program.  NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort.  Perhaps this issue should not be included in CVE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
            },
            {
              "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.msn-password-recovery.com/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \"Remember my Password\" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL\\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the \"MSN Password Recovery.exe\" program.  NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort.  Perhaps this issue should not be included in CVE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060113 Re: MSN Messenger Password Decrypter for WinXP/2003",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421921/100/0/threaded"
                },
                {
                  "name": "20060117 Re: MSN Messenger Password Decrypter for WinXP/2003",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/422283/100/0/threaded"
                },
                {
                  "name": "http://www.msn-password-recovery.com/",
                  "refsource": "MISC",
                  "url": "http://www.msn-password-recovery.com/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0363",
        "datePublished": "2006-01-22T20:00:00.000Z",
        "dateReserved": "2006-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:34:14.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1831 (GCVE-0-2002-1831)

    Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-17 00:02
    VLAI
    Summary
    Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/9161.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/4827 vdb-entryx_refsource_BID
    http://online.securityfocus.com/archive/1/274086 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:43:33.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "msn-invite-dos(9161)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9161.php"
              },
              {
                "name": "4827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4827"
              },
              {
                "name": "20020523 Re: Misformated message header causes msn messenger to crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/274086"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-28T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "msn-invite-dos(9161)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9161.php"
            },
            {
              "name": "4827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4827"
            },
            {
              "name": "20020523 Re: Misformated message header causes msn messenger to crash",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/274086"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1831",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "msn-invite-dos(9161)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9161.php"
                },
                {
                  "name": "4827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4827"
                },
                {
                  "name": "20020523 Re: Misformated message header causes msn messenger to crash",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/274086"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1831",
        "datePublished": "2005-06-28T04:00:00.000Z",
        "dateReserved": "2005-06-28T04:00:00.000Z",
        "dateUpdated": "2024-09-17T00:02:12.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1698 (GCVE-0-2002-1698)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4675 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/271130 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-05-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:55.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4675"
              },
              {
                "name": "msn-font-header-bo(9014)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
              },
              {
                "name": "20020506 Misformated message header causes msn messenger to crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/271130"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4675",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4675"
            },
            {
              "name": "msn-font-header-bo(9014)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
            },
            {
              "name": "20020506 Misformated message header causes msn messenger to crash",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/271130"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1698",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4675",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4675"
                },
                {
                  "name": "msn-font-header-bo(9014)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9014"
                },
                {
                  "name": "20020506 Misformated message header causes msn messenger to crash",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/271130"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1698",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:55.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0562 (GCVE-0-2005-0562)

    Vulnerability from cvelistv5 – Published: 2005-04-13 04:00 – Updated: 2024-08-07 21:21
    VLAI
    Summary
    GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/633446 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/14915/ third-party-advisoryx_refsource_SECUNIA
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA05-102A.html third-party-advisoryx_refsource_CERT
    Date Public
    2005-04-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:21:05.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "msn-messenger-gif-execute-code(19950)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
              },
              {
                "name": "VU#633446",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/633446"
              },
              {
                "name": "14915",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14915/"
              },
              {
                "name": "MS05-022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
              },
              {
                "name": "oval:org.mitre.oval:def:4927",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
              },
              {
                "name": "TA05-102A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-04-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user\u0027s contact list to execute arbitrary code via a GIF image with an improper height and width."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "msn-messenger-gif-execute-code(19950)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
            },
            {
              "name": "VU#633446",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/633446"
            },
            {
              "name": "14915",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14915/"
            },
            {
              "name": "MS05-022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
            },
            {
              "name": "oval:org.mitre.oval:def:4927",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
            },
            {
              "name": "TA05-102A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2005-0562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user\u0027s contact list to execute arbitrary code via a GIF image with an improper height and width."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "msn-messenger-gif-execute-code(19950)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19950"
                },
                {
                  "name": "VU#633446",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/633446"
                },
                {
                  "name": "14915",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14915/"
                },
                {
                  "name": "MS05-022",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-022"
                },
                {
                  "name": "oval:org.mitre.oval:def:4927",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4927"
                },
                {
                  "name": "TA05-102A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2005-0562",
        "datePublished": "2005-04-13T04:00:00.000Z",
        "dateReserved": "2005-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:21:05.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0122 (GCVE-0-2004-0122)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9828 vdb-entryx_refsource_BID
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.kb.cert.org/vuls/id/688094 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-03-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9828",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9828"
              },
              {
                "name": "MS04-010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
              },
              {
                "name": "VU#688094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/688094"
              },
              {
                "name": "msn-ms04010-patch(15427)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
              },
              {
                "name": "oval:org.mitre.oval:def:844",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
              },
              {
                "name": "msn-request-view-files(15415)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-11-01T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9828",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9828"
            },
            {
              "name": "MS04-010",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
            },
            {
              "name": "VU#688094",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/688094"
            },
            {
              "name": "msn-ms04010-patch(15427)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
            },
            {
              "name": "oval:org.mitre.oval:def:844",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
            },
            {
              "name": "msn-request-view-files(15415)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0122",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9828",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9828"
                },
                {
                  "name": "MS04-010",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010"
                },
                {
                  "name": "VU#688094",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/688094"
                },
                {
                  "name": "msn-ms04010-patch(15427)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427"
                },
                {
                  "name": "oval:org.mitre.oval:def:844",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844"
                },
                {
                  "name": "msn-request-view-files(15415)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0122",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0597 (GCVE-0-2004-0597)

    Vulnerability from cvelistv5 – Published: 2004-08-05 04:00 – Updated: 2024-08-08 00:24
    VLAI
    Summary
    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.trustix.net/errata/2004/0040/ vendor-advisoryx_refsource_TRUSTIX
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mozilla.org/projects/security/known-vu… x_refsource_CONFIRM
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.redhat.com/support/errata/RHSA-2004-421.html vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2004-402.html vendor-advisoryx_refsource_REDHAT
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/22958 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=109900315219363&w=2 vendor-advisoryx_refsource_FEDORA
    https://bugzilla.fedora.us/show_bug.cgi?id=1943 vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.us-cert.gov/cas/techalerts/TA05-039A.html third-party-advisoryx_refsource_CERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=109761239318458&w=2 vendor-advisoryx_refsource_SCO
    http://scary.beasts.org/security/CESA-2004-001.txt x_refsource_MISC
    http://www.redhat.com/support/errata/RHSA-2004-429.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.securityfocus.com/bid/15495 vdb-entryx_refsource_BID
    http://www.debian.org/security/2004/dsa-536 vendor-advisoryx_refsource_DEBIAN
    http://www.kb.cert.org/vuls/id/388984 third-party-advisoryx_refsource_CERT-VN
    http://lists.apple.com/mhonarc/security-announce/… vendor-advisoryx_refsource_APPLE
    http://www.kb.cert.org/vuls/id/817368 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=109163866717909&w=2 mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=bugtraq&m=109181639602978&w=2 vendor-advisoryx_refsource_HP
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.us-cert.gov/cas/techalerts/TA04-217A.html third-party-advisoryx_refsource_CERT
    http://www.adobe.com/support/downloads/detail.jsp… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://marc.info/?l=bugtraq&m=110796779903455&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    http://www.securityfocus.com/bid/10857 vdb-entryx_refsource_BID
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.gentoo.org/security/en/glsa/glsa-20040… vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://secunia.com/advisories/22957 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2004-08-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:24:26.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "2004-0040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.net/errata/2004/0040/"
              },
              {
                "name": "200663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
              },
              {
                "name": "oval:org.mitre.oval:def:2274",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
              },
              {
                "name": "SCOSA-2005.49",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
              },
              {
                "name": "RHSA-2004:421",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
              },
              {
                "name": "RHSA-2004:402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
              },
              {
                "name": "GLSA-200408-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
              },
              {
                "name": "22958",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
              },
              {
                "name": "FLSA:2089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
              },
              {
                "name": "FLSA:1943",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
              },
              {
                "name": "oval:org.mitre.oval:def:594",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
              },
              {
                "name": "TA05-039A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
              },
              {
                "name": "libpng-pnghandle-bo(16894)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
              },
              {
                "name": "SCOSA-2004.16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
              },
              {
                "name": "RHSA-2004:429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2378",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
              },
              {
                "name": "15495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15495"
              },
              {
                "name": "DSA-536",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-536"
              },
              {
                "name": "VU#388984",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/388984"
              },
              {
                "name": "APPLE-SA-2004-09-09",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
              },
              {
                "name": "VU#817368",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/817368"
              },
              {
                "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:4492",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
              },
              {
                "name": "SSRT4778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
              },
              {
                "name": "MS05-009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
              },
              {
                "name": "MDKSA-2006:213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
              },
              {
                "name": "TA04-217A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
              },
              {
                "name": "oval:org.mitre.oval:def:7709",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
              },
              {
                "name": "MDKSA-2006:212",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
              },
              {
                "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
              },
              {
                "name": "CLA-2004:856",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
              },
              {
                "name": "10857",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10857"
              },
              {
                "name": "SUSE-SA:2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
              },
              {
                "name": "GLSA-200408-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:11284",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
              },
              {
                "name": "MDKSA-2004:079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
              },
              {
                "name": "22957",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22957"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-08-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "2004-0040",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.net/errata/2004/0040/"
            },
            {
              "name": "200663",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
            },
            {
              "name": "oval:org.mitre.oval:def:2274",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
            },
            {
              "name": "SCOSA-2005.49",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
            },
            {
              "name": "RHSA-2004:421",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
            },
            {
              "name": "RHSA-2004:402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
            },
            {
              "name": "GLSA-200408-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
            },
            {
              "name": "22958",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
            },
            {
              "name": "FLSA:2089",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
            },
            {
              "name": "FLSA:1943",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
            },
            {
              "name": "oval:org.mitre.oval:def:594",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
            },
            {
              "name": "TA05-039A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
            },
            {
              "name": "libpng-pnghandle-bo(16894)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
            },
            {
              "name": "SCOSA-2004.16",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
            },
            {
              "name": "RHSA-2004:429",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2378",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
            },
            {
              "name": "15495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15495"
            },
            {
              "name": "DSA-536",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-536"
            },
            {
              "name": "VU#388984",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/388984"
            },
            {
              "name": "APPLE-SA-2004-09-09",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
            },
            {
              "name": "VU#817368",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/817368"
            },
            {
              "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:4492",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
            },
            {
              "name": "SSRT4778",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
            },
            {
              "name": "MS05-009",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
            },
            {
              "name": "MDKSA-2006:213",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
            },
            {
              "name": "TA04-217A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
            },
            {
              "name": "oval:org.mitre.oval:def:7709",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
            },
            {
              "name": "MDKSA-2006:212",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
            },
            {
              "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
            },
            {
              "name": "CLA-2004:856",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
            },
            {
              "name": "10857",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10857"
            },
            {
              "name": "SUSE-SA:2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
            },
            {
              "name": "GLSA-200408-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:11284",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
            },
            {
              "name": "MDKSA-2004:079",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
            },
            {
              "name": "22957",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22957"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "2004-0040",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.net/errata/2004/0040/"
                },
                {
                  "name": "200663",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
                },
                {
                  "name": "oval:org.mitre.oval:def:2274",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274"
                },
                {
                  "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
                },
                {
                  "name": "SCOSA-2005.49",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
                },
                {
                  "name": "RHSA-2004:421",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
                },
                {
                  "name": "RHSA-2004:402",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
                },
                {
                  "name": "GLSA-200408-22",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
                },
                {
                  "name": "22958",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22958"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1"
                },
                {
                  "name": "FLSA:2089",
                  "refsource": "FEDORA",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
                },
                {
                  "name": "FLSA:1943",
                  "refsource": "FEDORA",
                  "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
                },
                {
                  "name": "oval:org.mitre.oval:def:594",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594"
                },
                {
                  "name": "TA05-039A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
                },
                {
                  "name": "libpng-pnghandle-bo(16894)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894"
                },
                {
                  "name": "SCOSA-2004.16",
                  "refsource": "SCO",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109761239318458\u0026w=2"
                },
                {
                  "name": "http://scary.beasts.org/security/CESA-2004-001.txt",
                  "refsource": "MISC",
                  "url": "http://scary.beasts.org/security/CESA-2004-001.txt"
                },
                {
                  "name": "RHSA-2004:429",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2378",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378"
                },
                {
                  "name": "15495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15495"
                },
                {
                  "name": "DSA-536",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-536"
                },
                {
                  "name": "VU#388984",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/388984"
                },
                {
                  "name": "APPLE-SA-2004-09-09",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
                },
                {
                  "name": "VU#817368",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/817368"
                },
                {
                  "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109163866717909\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:4492",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492"
                },
                {
                  "name": "SSRT4778",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=109181639602978\u0026w=2"
                },
                {
                  "name": "MS05-009",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009"
                },
                {
                  "name": "MDKSA-2006:213",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
                },
                {
                  "name": "TA04-217A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
                },
                {
                  "name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679",
                  "refsource": "CONFIRM",
                  "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679"
                },
                {
                  "name": "oval:org.mitre.oval:def:7709",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709"
                },
                {
                  "name": "MDKSA-2006:212",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
                },
                {
                  "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110796779903455\u0026w=2"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=421\u0026idxseccion=10"
                },
                {
                  "name": "CLA-2004:856",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000856"
                },
                {
                  "name": "10857",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10857"
                },
                {
                  "name": "SUSE-SA:2004:023",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
                },
                {
                  "name": "GLSA-200408-03",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:11284",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284"
                },
                {
                  "name": "MDKSA-2004:079",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
                },
                {
                  "name": "22957",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22957"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0597",
        "datePublished": "2004-08-05T04:00:00.000Z",
        "dateReserved": "2004-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:24:26.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0155 (GCVE-0-2002-0155)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:42
    VLAI
    Summary
    Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4707 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2002-13.html third-party-advisoryx_refsource_CERT
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.iss.net/security_center/static/9041.php vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=102089960531919&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:42:27.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4707",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4707"
              },
              {
                "name": "CA-2002-13",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2002-13.html"
              },
              {
                "name": "MS02-022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
              },
              {
                "name": "msn-chatcontrol-resdll-bo(9041)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/9041.php"
              },
              {
                "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-03-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4707",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4707"
            },
            {
              "name": "CA-2002-13",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-13.html"
            },
            {
              "name": "MS02-022",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
            },
            {
              "name": "msn-chatcontrol-resdll-bo(9041)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/9041.php"
            },
            {
              "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4707",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4707"
                },
                {
                  "name": "CA-2002-13",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2002-13.html"
                },
                {
                  "name": "MS02-022",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022"
                },
                {
                  "name": "msn-chatcontrol-resdll-bo(9041)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/9041.php"
                },
                {
                  "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=102089960531919\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0155",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-03-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:42:27.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0472 (GCVE-0-2002-0472)

    Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 02:49
    VLAI
    Summary
    MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2002-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:49:28.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/262906"
              },
              {
                "name": "msn-messenger-message-spoofing(8582)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8582.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.encode-sec.com/esp0202.pdf"
              },
              {
                "name": "4316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-06-15T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/262906"
            },
            {
              "name": "msn-messenger-message-spoofing(8582)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8582.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.encode-sec.com/esp0202.pdf"
            },
            {
              "name": "4316",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/262906"
                },
                {
                  "name": "msn-messenger-message-spoofing(8582)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8582.php"
                },
                {
                  "name": "http://www.encode-sec.com/esp0202.pdf",
                  "refsource": "MISC",
                  "url": "http://www.encode-sec.com/esp0202.pdf"
                },
                {
                  "name": "4316",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0472",
        "datePublished": "2002-06-11T04:00:00.000Z",
        "dateReserved": "2002-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:49:28.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0228 (GCVE-0-2002-0228)

    Vulnerability from cvelistv5 – Published: 2002-05-03 04:00 – Updated: 2024-08-08 02:42
    VLAI
    Summary
    Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://online.securityfocus.com/archive/1/254021 mailing-listx_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/8084.php vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/4028 vdb-entryx_refsource_BID
    Date Public
    2002-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:42:28.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/254021"
              },
              {
                "name": "msn-messenger-reveal-information(8084)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/8084.php"
              },
              {
                "name": "4028",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-05-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/254021"
            },
            {
              "name": "msn-messenger-reveal-information(8084)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/8084.php"
            },
            {
              "name": "4028",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4028"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0228",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/254021"
                },
                {
                  "name": "msn-messenger-reveal-information(8084)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/8084.php"
                },
                {
                  "name": "4028",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4028"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0228",
        "datePublished": "2002-05-03T04:00:00.000Z",
        "dateReserved": "2002-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:42:28.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }