Vulnerability Details: CVE-2008-3008
Public exploit exists!
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
Vulnerability category: Overflow, Execute code
Products affected by CVE-2008-3008
- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:-:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3008
- 95.86%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-3008
- Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow
  - Disclosure Date: 2008-09-09
  - First seen: 2020-04-26
  - Module: exploit/windows/browser/ms08_053_mediaencoder
  - This module exploits a stack buffer overflow in Windows Media Encoder 9. When sending an overly long string to the GetDetailsString() method of wmex.dll an attacker may be able to execute arbitrary code.
  - Authors: MC <mc@metasploit.com>
CVSS scores for CVE-2008-3008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2008-3008
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3008
- http://marc.info/?l=bugtraq&m=122235754013992&w=2 (Mailing List)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018
- http://www.kb.cert.org/vuls/id/996227 (Third Party Advisory; US Government Resource)
- https://www.exploit-db.com/exploits/6454
- http://www.vupen.com/english/advisories/2008/2521 (Broken Link)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053
- http://www.us-cert.gov/cas/techalerts/TA08-253A.html (Third Party Advisory; US Government Resource)
- http://www.securitytracker.com/id?1020832 (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/31065: Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)