Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2009-0647
Advisory Date: JUL 21, 2015
DESCRIPTION
msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003735
Trend Micro Deep Security DPI Rule Name: 1003735 - Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
AFFECTED SOFTWARE AND VERSION
- microsoft windows_live_messenger 2009