| Patch Name : |
WindowsXP-KB946648-x64-ENU.exe |
| Patch Description : |
Security Update for Windows XP x64 Edition (KB946648) |
| Bulletin Id : |
MS08-050 |
| Bulletin Title : |
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
| KnowledgeBase : | 946648 |
| Severity : |
Important |
| Location Path : | WindowsXP-KB946648-x64-ENU.exe |
| Bulletin Summary: |
This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the userÂs logon ID and remotely log on to the userÂs Messenger client impersonating that user.
This security update is rated Important for all supported editions of Microsoft Windows 2000 and Windows XP, and Moderate for all supported versions of Windows Server 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by locking the ActiveX control so that only authorized applications have access to the control. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information |
| Superceding Bulletin Id : |
None |
| Patch Release Date : |
Aug 12, 2008 |
| CVE Id : | CVE-2008-0082 |
| Affected Product Information |
|
| Product Name |
Service Pack Name |
| Windows Messenger 4.7 (x64) | Windows Messenger x64 gold |
|
| File changes |
|
| File Path |
Version |
| $x64$%programfiles%\Messenger\msgsc.dll | 4.7.0.3002 |
|
| Registry changes |
|
| Registry Path |
Key Name |
Key Value |
| $x64$HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB946648 | | -2 |
|
