Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1831

4 documents4 sources
Severity
5.0MEDIUM
EPSS
10.4%
top 6.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft MSN Messenger
Timeline
PublishedDec 31
Latest updateApr 30

Description

Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/msn_messenger8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-25m6-rvg8-32wp: Microsoft MSN Messenger Service 12022-04-30
CVEList
CVE-2002-1831: Microsoft MSN Messenger Service 12005-06-28

💥Exploits & PoCs

1
Exploit-DB
Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service2002-05-24
CVE-2002-1831 (MEDIUM CVSS 5) | Microsoft MSN Messenger Service 1.0 | cvebase.io