Executive Summary

This important security update resolves a publicly disclosed vulnerability in MSN Messenger and Windows Live Messenger. The vulnerability could allow remote code execution when a user accepts a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MSN Messenger Webcam or Video Chat Session Remote Code Execution Vulnerability

A remote code execution vulnerability exists in MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0. The vulnerability could allow remote code execution when a user chooses to accept a webcam or video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-2931.

Microsoft thanks the following for working with us to help protect customers: Woo Shi of team 509 for reporting the MSN Messenger Video Chat Remote Code Execution Vulnerability – CVE-2007-2931

Program Information Category: Internet and communication Type: Free Version: 7.0.0820 Size: 10.3MB Works on: Windows Product page: here