Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2931

CWE-20Improper Input ValidationCWE-119Buffer Overflow5 documents4 sources
Severity
9.3CRITICAL
EPSS
61.4%
top 1.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft MSN MessengerMicrosoft Windows Live Messenger
Timeline
PublishedAug 31
Latest updateMay 1

Description

Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/msn_messenger6.2, 7.0, 7.5+2

🔴Vulnerability Details

2
GHSA
GHSA-r4f4-2vcp-525p: Heap-based buffer overflow in Microsoft MSN Messenger 62022-05-01
CVEList
CVE-2007-2931: Heap-based buffer overflow in Microsoft MSN Messenger 62007-08-31

💥Exploits & PoCs

2
Exploit-DB
Microsoft MSN Messenger 7.x/8.0? - Video Remote Heap Overflow2007-08-29
Exploit-DB
Microsoft MSN Messenger 8.0 - Video Conversation Buffer Overflow2007-08-28
CVE-2007-2931 (CRITICAL CVSS 9.3) | Heap-based buffer overflow in Micro | cvebase.io