PT-2006-4144 · Microsoft · Windows Live Messenger
Published
2006-06-27
·
Updated
2024-02-14
·
CVE-2006-3250
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Windows Live Messenger version 8.0
Description
A heap-based buffer overflow issue allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file. This overflow is triggered when the crafted file is imported by the user.
Recommendations
For Windows Live Messenger version 8.0, avoid importing .ctt files from untrusted sources until a patch is available. As a temporary workaround, consider restricting the import of Contact List files to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows Live Messenger