Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3010

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3010
Last Modified 07 Mar 2011 10:10:05
Published 10 Dec 2008 09:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3010

Summary

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."

Vulnerable Systems

Application

  • Microsoft Windows Media Player 6.4


References

CERT - TA08-344A

VUPEN - ADV-2008-3388

SECTRACK - 1021375

SECTRACK - 1021374

BID - 32654

MS - MS08-076

SECUNIA - 33058

Related Patches

MS08-076 959807 952068 Security Update for Windows Media Services 9

MS08-076 959807 952069 Security Update for Windows Media Format 9.0

MS08-076 959807 952069 Security Update for Windows Media Format 9.5 (Rev 2)

MS08-076 959807 952069 Security Update for Windows Media Format 7.1

MS08-076 959807 954600 Security Update for Windows Media Player 6.4

MS08-076 959807 952069 Security Update for Windows Media Format 11


Last Updated: 27 May 2016 10:48:04