CVE-2010-0278

Windows Live Messenger 2009 build 14.0.8089.726 - Denial of Service via ViewProfile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0278. PoCs published by HACKATTACK IT SECURITY GmbH.

AI-analyzed exploit summary This exploit targets a Denial of Service (DoS) vulnerability in Windows Live Messenger 2009 via an ActiveX control. It sends a long string to the ViewProfile() method, causing a crash in msnmsgr.exe.

Description

A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKATTACK IT SECURITY GmbH · textdoswindows

https://www.exploit-db.com/exploits/11070

View Code ZIP pw:eip

This exploit targets a Denial of Service (DoS) vulnerability in Windows Live Messenger 2009 via an ActiveX control. It sends a long string to the ViewProfile() method, causing a crash in msnmsgr.exe.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Windows Live Messenger 2009 (Build 14.0.8089.726)

Auth required

Prerequisites: Windows Live Messenger 2009 installed · ActiveX control registered · User must be signed in to Messenger

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37680

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/508811/100/0/threaded

Scores

EPSS 0.2903

EPSS Percentile 96.6%

Details

Status published

Products (1)

microsoft/windows_live_messenger 2009

Published Jan 12, 2010

Tracked Since Feb 18, 2026