An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote malicious users to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows messenger 4.7 |
||
microsoft windows messenger 5.1 |