Vadim Pogulievsky

**Name of the Vulnerable Software and Affected Versions** Windows Messenger versions 4.7 through 5.1 **Description** The issue allows remote attackers to control the Messenger application, change its state, obtain contact information, and establish audio or video connections without notification. This is due to an ActiveX control, `Messenger.UIAutomation.1`, being marked as safe-for-scripting. **Recommendations** For Windows Messenger versions 4.7 through 5.1, consider disabling the `Messenger.UIAutomation.1` ActiveX control as a temporary workaround to minimize the risk of exploitation. Restrict access to the Messenger application to prevent unauthorized control and data access.