The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messagess. This can be exploited to cause a stack-based buffer overflow without user interaction.