Critical:
Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Software: MSN Messenger 6.x
Description:
qFox and Mephisto have discovered a vulnerability in Microsoft MSN Messenger, allowing malicious people to retrieve files from a vulnerable system.
The problem is that a malicious person can send a specially crafted request which can retrieve files from known locations. This can be exploited to retrieve any file which the current user got read access to.
This affects Microsoft MSN Messenger 6.0 and 6.1.
Solution:
According to Microsoft an update is available:
http://messenger.msn.com/
Provided and/or discovered by:
qFox and Mephisto
Original Advisory:
http://www.microsoft.com/technet/security/Bulletin/MS04-010.mspx
http://secunia.com/advisories/11078/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic