CVE-2008-5828

Name of the Vulnerable Software and Affected Versions Microsoft Windows Live Messenger Client versions 8.5.1 and earlier

Description The issue allows remote attackers to discover intranet IP addresses and port numbers by reading specific header fields when MSN Protocol Version 15 (MSNP15) is used over a NAT session. The readable header fields include IPv4InternalAddrsAndPorts, IPv4Internal-Addrs, and IPv4Internal-Port.

Recommendations For Microsoft Windows Live Messenger Client versions 8.5.1 and earlier, consider disabling the use of MSNP15 over NAT sessions until a fix is available. Restrict access to the IPv4InternalAddrsAndPorts, IPv4Internal-Addrs, and IPv4Internal-Port header fields to minimize the risk of exploitation.