CVE-2008-3008

Published Sep 11, 2008

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8494DA8E-2E88-46FE-9FE1-A09DF53BF1FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ABC3CA16-2694-4C05-A404-029DB179C47D"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDDFEA49-9B44-498E-B2DB-E1FC778DE7EB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D5F7729-A095-43DF-BF2F-B4B6938087FA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References