Carmelo Brancato

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Live Messenger Client versions 8.5.1 and earlier **Description** The issue allows remote attackers to discover intranet IP addresses and port numbers by reading specific header fields when MSN Protocol Version 15 (MSNP15) is used over a NAT session. The readable header fields include `IPv4InternalAddrsAndPorts`, `IPv4Internal-Addrs`, and `IPv4Internal-Port`. **Recommendations** For Microsoft Windows Live Messenger Client versions 8.5.1 and earlier, consider disabling the use of MSNP15 over NAT sessions until a fix is available. Restrict access to the `IPv4InternalAddrsAndPorts`, `IPv4Internal-Addrs`, and `IPv4Internal-Port` header fields to minimize the risk of exploitation.