Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3008

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3008
Last Modified 07 Mar 2011 10:10:04
Published 10 Sep 2008 09:11:47
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3008

Summary

Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows-nt 2000

  • Microsoft Windows-nt 2003

  • Microsoft Windows-nt Vista

  • Microsoft Windows-nt Xp

Application

  • Microsoft Windows Media Encoder 9 Series


References

CERT - TA08-253A

CERT-VN - VU#996227

MS - MS08-053

VUPEN - ADV-2008-2521

SECTRACK - 1020832

BID - 31065

MILW0RM - 6454

HP - HPSBST02372

HP - SSRT080133


Last Updated: 27 May 2016 10:49:54