CVE-2007-5144

CVE Database · CVE-2007-5144

CVE-2007-5144

· N/AModified

CVSS v3.1

N/A

EPSS

16.50%

Published

Oct 1, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file.

Weaknesses (CWE)

CWE-119

Affected Products (1)

microsoft · windows_live_messengervulnerable

References (6)

http://lostmon.blogspot.com/2007/09/windows-live-messenger-jpg-overflow.html

http://osvdb.org/45523

http://www.securityfocus.com/bid/25795

http://lostmon.blogspot.com/2007/09/windows-live-messenger-jpg-overflow.html

http://osvdb.org/45523

http://www.securityfocus.com/bid/25795

KEV Catalog EPSS Scores Vendors All CVEs