CVE-2008-0082

CWE-200 — Information Exposure3 documents3 sources

Severity

10.0CRITICAL

EPSS

60.2%

top 1.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Messenger

Timeline

PublishedAug 13

Latest updateMay 1

Description

An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_messenger4.7, 5.1+1

🔴Vulnerability Details

GHSA

GHSA-9w65-px9w-6j3c: An ActiveX control (Messenger↗2022-05-01

▶

CVEList

CVE-2008-0082: An ActiveX control (Messenger↗2008-08-13

▶