CVE-2008-5828 (CNNVD-200901-023)

MEDIUM
Chinese title:
Microsoft MSN Messenger IP address disclosure vulnerability
English title:
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is ...
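CVSS score: 5.0
Published: 2009-01-02 19:00:00
Vulnerability type: Information disclosure
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description: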

MSN Messenger is the instant-messaging chat client bundled by default with the Windows operating system. When MSN Protocol Version 15 (MSNP15) is used over a NAT session, the Windows Live Messenger client allows remote attackers to discover internal IP addresses and port numbers by reading the Ipv4ExternalAddrsAndPorts and Ipv4InternalAddrsAndPorts header fields. During a chat session, in addition to information such as the session ID and Cal, MSN also transmits Ipv4ExternalAddrsAndPorts and Ipv4InternalAddrsAndPorts, which represent the public IP address and the participant's private IP address and port, respectively. The full session is as follows:

MSNMSGR:aaaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaaa@hotmail.it>
From: <msnmsgr:bbbbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={D4CE435D-8C31-4D80-80EC-576A8294B3B3}
CSeq: 0
Call-ID: {00000000-0000-0000-0000-000000000000}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transudpswitch
Content-Length: 157
IPv4ExternalAddrsAndPorts: 79.2.165.233:3939
IPv4InternalAddrsAndPorts: 192.168.0.2:3939
SessionID: 729003413
SChannelState: 0
Capabilities-Flags: 1

######A#########g#######g#######&para;8&raquo;#############
INVITE MSNMSGR:aaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaaa@hotmail.it>
From: <msnmsgr:bbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}
CSeq: 0
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transreqbody
Content-Length: 270
Bridges: TRUDPv1 TCPv1 SBBridge TURNv1
NetID: -375061937
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Port-Restrict-NAT
UPnPNat: true
ICF: false
Hashed-Nonce: {D8F5EEB9-2568-FAE8-9460-3FF8DB908381}
SessionID: 275007100
SChannelState: 0
Capabilities-Flags: 1

#####
MSG 49 D 155
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: bbbb@hotmail.it

####_áEu########g#################A#&para;8&raquo;#g###########
ACK 49

MSG 50 D 555
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: bbbb@hotmail.it

####^áEu########&#144;#######&#144;#######&Ocirc;ùH(############
MSNSLP/1.0 200 OK
To: <msnmsgr:bbbbb@hotmail.it>
From: <msnmsgr:aaaa@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}
CSeq: 1
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 83
Bridge: TCPv1
Listening: false
Nonce: {00000000-0000-0000-0000-000000000000}

#####
ACK 50

MSG bbbb@hotmail.it [c=28][i]BBBB[/i][/c] 143
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: aaa@hotmail.it

######A#########################^áEu&Ocirc;ùH(&#144;###########
MSG bbbb@hotmail.it [c=28][i]BBB[/i][/c] 815
MIME-Version: 1.0
Content-Type: application/x-msnmsgrp2p
P2P-Dest: aaaa@hotmail.it

######A######### ####### #######àe&raquo;#############
INVITE MSNMSGR:aaaa@hotmail.it MSNSLP/1.0
To: <msnmsgr:aaa@hotmail.it>
From: <msnmsgr:bbbb@hotmail.it>
Via: MSNSLP/1.0/TLP ;branch={5BDF5F91-90FF-4C0F-ACA6-F65A9E30986C}
CSeq: 0
Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}
Max-Forwards: 0
Content-Type: application/x-msnmsgr-transrespbody
Content-Length: 326
Bridge: TCPv1
Listening: true
Conn-Type: Port-Restrict-NAT
TCP-Conn-Type: Port-Restrict-NAT
Nonce: {2DA8E1E7-CD08-4200-8E62-C2263EAC2D36}
IPv4External-Addrs: 79.2.165.233
IPv4External-Port: 3973
IPv4Internal-Addrs: 192.168.0.2
IPv4Internal-Port: 3973
SessionID: 275007100
SChannelState: 0
Capabilities-Flags: 1

In this way an attacker can freely access information about the router or the network.

English description:

Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.

CWE type:
CWE-200
Tags:
(No data)
Affected products
Vendor | Product | Version | Version range | Platform | CPE
microsoft | windows_live_messenger | * | - | - | cpe:2.3:a:microsoft:windows_live_messenger:*:*:*:*:*:*:*:*
microsoft | windows_live_messenger | 8.0 | - | - | cpe:2.3:a:microsoft:windows_live_messenger:8.0:*:*:*:*:*:*:*
microsoft | windows_live_messenger | 8.1 | - | - | cpe:2.3:a:microsoft:windows_live_messenger:8.1:*:*:*:*:*:*:*
microsoft | windows_live_messenger | 8.5 | - | - | cpe:2.3:a:microsoft:windows_live_messenger:8.5:*:*:*:*:*:*:*
Solution
Chinese solution:
(No data)
English solution:
(No data)
Workaround:
(No data)
References
4862 third-party-advisory
cve.org
20081229 MSN messenger sends IP addresses Public and Private mailing-list
cve.org
CVSS score details
5.0
MEDIUM
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS version: 2.0
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE
Time information
Published:
2009-01-02 19:00:00
Modified:
2024-08-07 11:04:44
Created:
2025-11-11 15:32:57
Updated:
2025-11-11 15:49:31
Exploit information
No exploit code information available
Data source details
Data source | Record ID | Version | Extraction time
CVE | cve_CVE-2008-5828 | 2025-11-11 15:18:05 | 2025-11-11 07:32:57
NVD | nvd_CVE-2008-5828 | 2025-11-11 14:52:37 | 2025-11-11 07:41:44
CNNVD | cnnvd_CNNVD-200901-023 | 2025-11-11 15:09:03 | 2025-11-11 07:49:31
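Versions and languages
Current version: v3
Primary language: EN
Supported languages:
EN ZH
Security advisories
No security advisory information available
Change history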
v3 CNNVD
2025-11-11 15:49:31
vulnerability_type: not extracted → Information disclosure; cnnvd_id: not extracted → CNNVD-200901-023; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:44
cvss_score: not extracted → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:P/I:N/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 4; data_sources: ['cve'] → ['cve', 'nvd']