This page lists publicly disclosed CVE vulnerabilities affecting microsoft windows_live_messenger (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-0278 | A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session. | [email protected] | 4.3 | 29.03% | 2010-01-12 | 2026-04-23 |
| CVE-2009-0647 | msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown. | [email protected] | 5.0 | 18.58% | 2009-02-19 | 2026-04-23 |
| CVE-2008-5828 | Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | [email protected] | 5.0 | 17.85% | 2009-01-02 | 2026-04-23 |
| CVE-2008-5179 | Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | [email protected] | 5.0 | 30.15% | 2008-11-20 | 2026-04-23 |
| CVE-2007-5144 | Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as de | [email protected] | 4.3 | 16.58% | 2007-10-01 | 2026-04-23 |
| CVE-2007-2931 | Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. | [email protected] | 9.3 | 61.72% | 2007-08-31 | 2026-04-23 |
| CVE-2006-6252 | Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | [email protected] | 4.3 | 13.29% | 2006-12-04 | 2026-04-23 |
| CVE-2006-3250 | Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. | [email protected] | 5.1 | 19.86% | 2006-06-27 | 2026-04-16 |