Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-0015
Last Modified 21 Aug 2010 01:15:06
Published 07 Jul 2009 07:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0015

Summary

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server -

  • Microsoft Windows XP

  • Microsoft Windows XP -


References

CERT - TA09-223A

CERT - TA09-195A

CERT - TA09-187A

CERT-VN - VU#180513

VUPEN - ADV-2009-2232

SECTRACK - 1022514

BID - 35585

BID - 35558

MS - MS09-037

MS - MS09-032

CONFIRM - http://www.microsoft.com/technet/security/advisory/972890.mspx

ISS - 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities

MISC - http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799

SECUNIA - 36187

OSVDB - 55651

MISC - http://isc.sans.org/diary.html?storyid=6733

MISC - http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx


Last Updated: 27 May 2016 10:46:38