Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0011

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0011
Last Modified 07 Mar 2011 10:03:46
Published 11 Jun 2008 10:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0011

Summary

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

Vulnerable Systems

Application

  • Microsoft Directx 10.0

  • Microsoft Directx 7.0

  • Microsoft Directx 8.1

  • Microsoft Directx 9.0


References

CERT - TA08-162B

BID - 29581

MS - MS08-033

SECTRACK - 1020222

SECUNIA - 30579

VUPEN - ADV-2008-1780

HP - SSRT080087

HP - HPSBST02344


Last Updated: 27 May 2016 10:47:27