CVE-2005-2225 - Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message

CVE-2005-2225

Summary

Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.

References

http://www.digitalparadox.org/viewadvisories.ah?view=45
http://www.messenger-blog.com/?p=146
http://securitytracker.com/id?1014444

Vulnerable Configurations

cpe:2.3:a:microsoft:msn_messenger_service:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger_service:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	http://www.digitalparadox.org/viewadvisories.ah?view=45 http://www.messenger-blog.com/?p=146
sectrack	1014444

Last major update

14-02-2024 - 01:17

Published

12-07-2005 - 04:00

Last modified

14-02-2024 - 01:17