Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3250

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3250
Last Modified 05 Sep 2008 05:06:37
Published 27 Jun 2006 02:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3250

Summary

Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.

Vulnerable Systems

Application

  • Microsoft Windows Live Messenger 8.0


References

XF - live-messenger-contact-list-dos(27417)

BID - 18639

BUGTRAQ - 20060625 Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow

MISC - http://www.jaascois.com/exploits/18602016/

SECTRACK - 1016373

MISC - http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html


Last Updated: 27 May 2016 10:42:56