cvelistv5 - cve-2008-3008

CVE-2008-3008 (GCVE-0-2008-3008)

Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 09:21

Summary

Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.kb.cert.org/vuls/id/996227	third-party-advisoryx_refsource_CERT-VN
	http://marc.info/?l=bugtraq&m=122235754013992&w=2	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1020832	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/31065	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=122235754013992&w=2	vendor-advisoryx_refsource_HP
	https://www.exploit-db.com/exploits/6454	exploitx_refsource_EXPLOIT-DB
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA08-253A.html	third-party-advisoryx_refsource_CERT
	http://www.vupen.com/english/advisories/2008/2521	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#996227",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/996227"
          },
          {
            "name": "HPSBST02372",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "1020832",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020832"
          },
          {
            "name": "oval:org.mitre.oval:def:6018",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
          },
          {
            "name": "31065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31065"
          },
          {
            "name": "SSRT080133",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "6454",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6454"
          },
          {
            "name": "MS08-053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
          },
          {
            "name": "TA08-253A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2521",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#996227",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/996227"
        },
        {
          "name": "HPSBST02372",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "1020832",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020832"
        },
        {
          "name": "oval:org.mitre.oval:def:6018",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
        },
        {
          "name": "31065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31065"
        },
        {
          "name": "SSRT080133",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
        },
        {
          "name": "6454",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6454"
        },
        {
          "name": "MS08-053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
        },
        {
          "name": "TA08-253A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
        },
        {
          "name": "ADV-2008-2521",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#996227",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/996227"
            },
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "1020832",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020832"
            },
            {
              "name": "oval:org.mitre.oval:def:6018",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
            },
            {
              "name": "31065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31065"
            },
            {
              "name": "SSRT080133",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "6454",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6454"
            },
            {
              "name": "MS08-053",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "ADV-2008-2521",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2008-3008",
    "datePublished": "2008-09-10T15:00:00",
    "dateReserved": "2008-07-07T00:00:00",
    "dateUpdated": "2024-08-07T09:21:34.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC3CA16-2694-4C05-A404-029DB179C47D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"2B89E436-C99E-4F68-AADD-E5980B346E95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"73AED29E-B778-4186-8968-EB608E34E540\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FDDFEA49-9B44-498E-B2DB-E1FC778DE7EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A0607E7-B416-4AF8-ADF6-6E503627DD29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"4D5F7729-A095-43DF-BF2F-B4B6938087FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \\\"Windows Media Encoder Buffer Overrun Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un c\\u00f3digo arbitrario a trav\\u00e9s de un primer argumento largo en el m\\u00e9todo GetDetailsString, tambi\\u00e9n conocido como \\\"Windows Media Encoder Buffer Overrun Vulnerability\\\".\"}]",
      "id": "CVE-2008-3008",
      "lastModified": "2024-11-21T00:48:13.287",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-09-11T01:11:47.057",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/996227\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/31065\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1020832\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-253A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2521\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/6454\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/996227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/31065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1020832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-253A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/6454\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3008\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2008-09-11T01:11:47.057\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \\\"Windows Media Encoder Buffer Overrun Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un primer argumento largo en el m\u00e9todo GetDetailsString, tambi\u00e9n conocido como \\\"Windows Media Encoder Buffer Overrun Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC3CA16-2694-4C05-A404-029DB179C47D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"2B89E436-C99E-4F68-AADD-E5980B346E95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"73AED29E-B778-4186-8968-EB608E34E540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FDDFEA49-9B44-498E-B2DB-E1FC778DE7EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0607E7-B416-4AF8-ADF6-6E503627DD29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"4D5F7729-A095-43DF-BF2F-B4B6938087FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/996227\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/31065\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020832\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-253A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2521\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.exploit-db.com/exploits/6454\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/996227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/31065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-253A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/6454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-3008

Vulnerability from fkie_nvd - Published: 2008-09-11 01:11 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://marc.info/?l=bugtraq&m=122235754013992&w=2	Mailing List
secure@microsoft.com	http://www.kb.cert.org/vuls/id/996227	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/31065	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id?1020832	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA08-253A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2008/2521	Broken Link
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018
secure@microsoft.com	https://www.exploit-db.com/exploits/6454
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=122235754013992&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/996227	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31065	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020832	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-253A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2521	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6454

Impacted products

Vendor	Product	Version
microsoft	windows_media_encoder	9_series
microsoft	windows-nt	2008
microsoft	windows-nt	2008
microsoft	windows-nt	xp
microsoft	windows_2000	-
microsoft	windows_2003_server	-
microsoft	windows_2003_server	-
microsoft	windows_2003_server	-
microsoft	windows_2003_server	-
microsoft	windows_xp	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
              "matchCriteriaId": "8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC3CA16-2694-4C05-A404-029DB179C47D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
              "matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*",
              "matchCriteriaId": "FDDFEA49-9B44-498E-B2DB-E1FC778DE7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "4D5F7729-A095-43DF-BF2F-B4B6938087FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un primer argumento largo en el m\u00e9todo GetDetailsString, tambi\u00e9n conocido como \"Windows Media Encoder Buffer Overrun Vulnerability\"."
    }
  ],
  "id": "CVE-2008-3008",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-11T01:11:47.057",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/996227"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31065"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020832"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2521"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/6454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/996227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1020832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6454"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P47X-R9F4-V8C6

Vulnerability from github – Published: 2022-05-01 23:55 – Updated: 2022-05-01 23:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3008"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-11T01:11:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\"",
  "id": "GHSA-p47x-r9f4-v8c6",
  "modified": "2022-05-01T23:55:31Z",
  "published": "2022-05-01T23:55:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3008"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6454"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/996227"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31065"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020832"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2521"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-450

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans le contrôle ActiveX installé par Windows Media Encoder 9 Series. L'exploitation de celle-ci, par exemple via une page Web spécialement construite, peut entraîner l'exécution de code arbitraire sur un système vulnérable.

Description

Une vulnérabilité a été identifiée dans le contrôle ActiveX wmex.dll installé par Windows Media Encoder 9 Series. Le produit n'est pas installé par défaut mais si c'est le cas, alors le contrôle ActiveX dispose des propriétés SFS (Safe for Scripting). Une personne malveillante peut exploiter cette vulnérabilité par le biais d'une page Web spécialement construite afin de faire exécuter du code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité MS08-053 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Vista, Service Pack 1 et Edition x64 compris ;
Microsoft	Windows	Windows Server 2008 pour systèmes 32-bit ou x64.
Microsoft	Windows	Windows Server 2003 Service Packs 1 et 2, y compris Edition x64 ;
Microsoft	Windows	Windows XP Service Packs 2 et 3 ;
Microsoft	Windows	Windows XP Professionnel Edition x64, Service Pack 2 compris ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008 :	-	other
Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Vista, Service Pack 1 et Edition x64 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32-bit ou x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 Service Packs 1 et 2, y compris Edition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Service Packs 2 et 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel Edition x64, Service Pack 2 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX wmex.dll\ninstall\u00e9 par Windows Media Encoder 9 Series. Le produit n\u0027est pas\ninstall\u00e9 par d\u00e9faut mais si c\u0027est le cas, alors le contr\u00f4le ActiveX\ndispose des propri\u00e9t\u00e9s SFS (Safe for Scripting). Une personne\nmalveillante peut exploiter cette vuln\u00e9rabilit\u00e9 par le biais d\u0027une page\nWeb sp\u00e9cialement construite afin de faire ex\u00e9cuter du code arbitraire\nsur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-053 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3008"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre    2008 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-053.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre    2008 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx"
    }
  ],
  "reference": "CERTA-2008-AVI-450",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX install\u00e9 par\nWindows Media Encoder 9 Series. L\u0027exploitation de celle-ci, par exemple\nvia une page Web sp\u00e9cialement construite, peut entra\u00eener l\u0027ex\u00e9cution de\ncode arbitraire sur un syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Media Encoder 9 Series",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-450

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité MS08-053 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Vista, Service Pack 1 et Edition x64 compris ;
Microsoft	Windows	Windows Server 2008 pour systèmes 32-bit ou x64.
Microsoft	Windows	Windows Server 2003 Service Packs 1 et 2, y compris Edition x64 ;
Microsoft	Windows	Windows XP Service Packs 2 et 3 ;
Microsoft	Windows	Windows XP Professionnel Edition x64, Service Pack 2 compris ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008	None	vendor-advisory
Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008 :	-	other
Bulletin de sécurité Microsoft MS08-053 du 09 septembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Vista, Service Pack 1 et Edition x64 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32-bit ou x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 Service Packs 1 et 2, y compris Edition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Service Packs 2 et 3 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel Edition x64, Service Pack 2 compris ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX wmex.dll\ninstall\u00e9 par Windows Media Encoder 9 Series. Le produit n\u0027est pas\ninstall\u00e9 par d\u00e9faut mais si c\u0027est le cas, alors le contr\u00f4le ActiveX\ndispose des propri\u00e9t\u00e9s SFS (Safe for Scripting). Une personne\nmalveillante peut exploiter cette vuln\u00e9rabilit\u00e9 par le biais d\u0027une page\nWeb sp\u00e9cialement construite afin de faire ex\u00e9cuter du code arbitraire\nsur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-053 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3008"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre    2008 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS08-053.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre    2008 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx"
    }
  ],
  "reference": "CERTA-2008-AVI-450",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX install\u00e9 par\nWindows Media Encoder 9 Series. L\u0027exploitation de celle-ci, par exemple\nvia une page Web sp\u00e9cialement construite, peut entra\u00eener l\u0027ex\u00e9cution de\ncode arbitraire sur un syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Media Encoder 9 Series",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-053 du 09 septembre 2008",
      "url": null
    }
  ]
}

GSD-2008-3008

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3008

Aliases

CVE-2008-3008

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3008",
    "description": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\"",
    "id": "GSD-2008-3008",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-3008"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3008"
      ],
      "details": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\"",
      "id": "GSD-2008-3008",
      "modified": "2023-12-13T01:23:06.027933Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2008-3008",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#996227",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/996227"
          },
          {
            "name": "HPSBST02372",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "1020832",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020832"
          },
          {
            "name": "oval:org.mitre.oval:def:6018",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
          },
          {
            "name": "31065",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31065"
          },
          {
            "name": "SSRT080133",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
          },
          {
            "name": "6454",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/6454"
          },
          {
            "name": "MS08-053",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
          },
          {
            "name": "TA08-253A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
          },
          {
            "name": "ADV-2008-2521",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2521"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2008-3008"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka \"Windows Media Encoder Buffer Overrun Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBST02372",
              "refsource": "HP",
              "tags": [
                "Mailing List"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=122235754013992\u0026w=2"
            },
            {
              "name": "VU#996227",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/996227"
            },
            {
              "name": "TA08-253A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-253A.html"
            },
            {
              "name": "1020832",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1020832"
            },
            {
              "name": "31065",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/31065"
            },
            {
              "name": "ADV-2008-2521",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2521"
            },
            {
              "name": "6454",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/6454"
            },
            {
              "name": "oval:org.mitre.oval:def:6018",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018"
            },
            {
              "name": "MS08-053",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-09-11T01:11Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3008 (GCVE-0-2008-3008)

FKIE_CVE-2008-3008

GHSA-P47X-R9F4-V8C6

CERTA-2008-AVI-450

Description

Solution

CERTA-2008-AVI-450

Description

Solution

GSD-2008-3008

Tags

Sightings

Nomenclature