CVE-2009-0647 - Vulnerability Details - OpenCVE

Description

msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.

Published: 2009-02-19

Score: 5.0 Medium

EPSS: 18.6% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:microsoft:windows_live_messenger:2009:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.18577.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://secunia.com/advisories/33985
http://www.securityfocus.com/archive/1/501043/100/0/threaded
http://www.securityfocus.com/bid/33825
http://www.vupen.com/english/advisories/2009/0466
https://exchange.xforce.ibmcloud.com/vulnerabilities/48810

History

No history.

Subscriptions

Microsoft Windows Live Messenger

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-19T16:00:00.000Z

Updated: 2024-08-07T04:40:05.154Z

Reserved: 2009-02-19T00:00:00.000Z

Link: CVE-2009-0647

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-02-19T16:30:00.563

Modified: 2026-04-23T00:35:47.467

Link: CVE-2009-0647

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33985", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33985"}, {"name": "ADV-2009-0466", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0466"}, {"name": "wlm-packets-dos(48810)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810"}, {"name": "33825", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33825"}, {"name": "20090218 RE: hello bug in windows live messenger", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0647", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33985", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33985"}, {"name": "ADV-2009-0466", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0466"}, {"name": "wlm-packets-dos(48810)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810"}, {"name": "33825", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33825"}, {"name": "20090218 RE: hello bug in windows live messenger", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.154Z"}, "title": "CVE Program Container", "references": [{"name": "33985", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33985"}, {"name": "ADV-2009-0466", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0466"}, {"name": "wlm-packets-dos(48810)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810"}, {"name": "33825", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33825"}, {"name": "20090218 RE: hello bug in windows live messenger", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0647", "datePublished": "2009-02-19T16:00:00.000Z", "dateReserved": "2009-02-19T00:00:00.000Z", "dateUpdated": "2024-08-07T04:40:05.154Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_live_messenger:2009:*:*:*:*:*:*:*", "matchCriteriaId": "9B6D95AB-30CF-471F-9432-4623590DA603", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown."}, {"lang": "es", "value": "El archivo msnmsgr.exe en Windows Live Messenger (WLM) 2009, build 14.0.8064.206, y otras builds 14.0.8064.x, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de un encabezado modificado en un paquete, como posiblemente sea demostrado mediante un valor UTF-8.0 del campo charset en la l\u00ednea de encabezado Content-Type. NOTA: esto ha sido reportado como una vulnerabilidad de cadena de formato por algunas fuentes, pero la procedencia de esa informaci\u00f3n es desconocida."}], "id": "CVE-2009-0647", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-19T16:30:00.563", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33985"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33825"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0466"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501043/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48810"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}