CVE-2009-0647

Name of the Vulnerable Software and Affected Versions Windows Live Messenger (WLM) 2009 build 14.0.8064.206 and other 14.0.8064.x builds

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a modified header in a packet. This can be achieved by modifying the charset field in the Content-Type header line, possibly using a UTF-8.0 value. Some sources have reported this as a format string vulnerability, although the accuracy of this information is uncertain.

Recommendations For Windows Live Messenger (WLM) 2009 build 14.0.8064.206 and other 14.0.8064.x builds, consider restricting access to the msnmsgr.exe component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using modified headers in packets to prevent application crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.