CVE-2008-0082

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
13/08/2008
Last modified:
09/04/2025

Description

An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microsoft:windows_messenger:4.7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_messenger:5.1:*:*:*:*:*:*:*