Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Threat-Mapped Scoring
Score: 1.5
Priority: P4 - Informational (Low)
EPSS
Score: 0.09639Percentile:
0.92528
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:microsoft:msn_messenger:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:2.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:3.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:4.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:msn_messenger:4.6:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me