CVE-2005-2225

UNKNOWN

Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the "

Published Jul 12, 2005

Modified 1 years ago

Details

Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.

References

WEBhttp://securitytracker.com/id?1014444 WEBhttp://www.digitalparadox.org/viewadvisories.ah?view=45 WEBhttp://www.messenger-blog.com/?p=146 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2005-2225

CVSS Analysis

CVSS v2.0

5.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

PartialA:P

5/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ecosystems

Timeline

PublishedJul 12, 2005

ModifiedAug 7, 2024