CVE-2002-0155

Name of the Vulnerable Software and Affected Versions Microsoft MSN Messenger versions 4.5 through 4.6 Microsoft Exchange Instant Messenger versions 4.5 through 4.6

Description The issue is related to a buffer overflow in the Microsoft MSN Chat ActiveX Control. This control is used in MSN Messenger and Exchange Instant Messenger. The buffer overflow can be triggered by a long ResDLL parameter in the MSNChat OCX, allowing remote attackers to execute arbitrary code.

Recommendations For Microsoft MSN Messenger versions 4.5 through 4.6, consider disabling the MSNChat OCX until a patch is available. For Microsoft Exchange Instant Messenger versions 4.5 through 4.6, restrict access to the MSNChat OCX to minimize the risk of exploitation. Avoid using the ResDLL parameter in the MSNChat OCX until the issue is resolved.