Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5828

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-5828
Last Modified 29 Jan 2009 02:00:25
Published 02 Jan 2009 02:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5828

Summary

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.

Vulnerable Systems

Application

  • Microsoft Windows Live Messenger 8.0

  • Microsoft Windows Live Messenger 8.1

  • Microsoft Windows Live Messenger 8.5

  • Microsoft Windows Live Messenger 8.5.1


References

BUGTRAQ - 20081229 MSN messenger sends IP addresses Public and Private

SREASON - 4862


Last Updated: 27 May 2016 10:48:56