MS04-010: MSN Messenger Information Disclosure (838512)

low Nessus Plugin ID 12091

Synopsis

It is possible to read files on the remote host.

Description

The remote host is running MSN Messenger.

The remote host appears to be vulnerable to a remote attack wherein an attacker can read any local file that the victim has 'read' access to.

Solution

Microsoft has released a set of patches for Messenger 6.0 and 6.1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-010

Plugin Details

Severity: Low

ID: 12091

File Name: smb_nt_ms04-010.nasl

Version: 1.37

Type: local

Agent: windows

Published: 3/9/2004

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:msn_messenger

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 3/9/2004

Vulnerability Publication Date: 3/9/2004

Reference Information

CVE: CVE-2004-0122

BID: 9828

MSFT: MS04-010

MSKB: 838512