Vulnerability Description
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Messenger | 4.7 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31446Vendor Advisory
- http://www.securityfocus.com/archive/1/495467/100/0/threaded
- http://www.securityfocus.com/bid/30551
- http://www.securitytracker.com/id?1020681
- http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/2354
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-05
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31446Vendor Advisory
- http://www.securityfocus.com/archive/1/495467/100/0/threaded
- http://www.securityfocus.com/bid/30551
- http://www.securitytracker.com/id?1020681
- http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
FAQ
What is CVE-2008-0082?
CVE-2008-0082 is a vulnerability with a CVSS score of 10.0 (HIGH). An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," ...
How severe is CVE-2008-0082?
CVE-2008-0082 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0082?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Messenger.