10
CVE-2008-0082
- EPSS 34.35%
- Veröffentlicht 13.08.2008 00:41:00
- Zuletzt bearbeitet 16.06.2026 22:48:54
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows Messenger Version4.7
Microsoft ≫ Windows Messenger Version5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.35% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
http://secunia.com/advisories/31446
http://www.securityfocus.com/archive/1/495467/100/0/threaded
http://www.securityfocus.com/bid/30551
http://www.securitytracker.com/id?1020681
http://www.vupen.com/english/advisories/2008/2354
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5995