CVE-2007-5144

Name of the Vulnerable Software and Affected Versions Windows Live Messenger version 8.1

Description The issue is related to a buffer overflow in the GDI engine, which can be triggered by placing a malformed file in a new folder under the Sharing Folders path and then synchronizing through the Windows MSN Live online service. This can cause a denial of service, resulting in an application or system crash, and potentially allow the execution of arbitrary code. The malformed file can be in various formats, including .jpg, .gif, .wmf, .doc, or .ico.

Recommendations For Windows Live Messenger version 8.1, consider avoiding the use of the synchronize operation through the Windows MSN Live online service until a fix is available. As a temporary workaround, restrict access to the Sharing Folders path to minimize the risk of exploitation.