vendor:
Windows Live Messenger
by:
Kalashinkov3
7.5
CVSS
HIGH
Arbitrary Code Execution
CWE
Product Name: Windows Live Messenger
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP SP3
2011
Msn Live Messenger14.0=>Plus! DLL Hijacking Exploit (dwmapi.dll)
This vulnerability allows an attacker to execute arbitrary code by enticing a legitimate user to open a specially crafted Dynamic Linked Library (DLL) file from a network share location using the vulnerable Microsoft Windows Live Messenger application.