Description
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Affected products
- Microsoft / msn_messenger1.0 – 1.0
- Microsoft / msn_messenger2.0 – 2.0
- Microsoft / msn_messenger2.2 – 2.2
- Microsoft / msn_messenger3.0 – 3.0
- Microsoft / msn_messenger3.6 – 3.6
- Microsoft / msn_messenger4.0 – 4.0
- Microsoft / msn_messenger4.5 – 4.5
- Microsoft / msn_messenger4.6 – 4.6