Vulnerability Details : CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2008-3009
- cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_services:9:*:*:*:*:*:*:* (when used together with: Microsoft » Windows Server 2003)
- cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:* (when used together with: Microsoft » Windows Server 2003)
- cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:* (when used together with: Microsoft » Windows Server 2003)
- cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:* (when used together with: Microsoft » Windows Server 2003)
- cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:* (when used together with: Microsoft » Windows Server 2003)
Exploit prediction scoring system (EPSS) score for CVE-2008-3009
- EPSS score: 41.88% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-3009
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2008-3009
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3009
- http://www.vupen.com/english/advisories/2008/3388
- http://www.securityfocus.com/bid/32653
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076 (Microsoft Security Bulletin MS08-076 - Important | Microsoft Learn)
- http://www.securitytracker.com/id?1021373
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html (Microsoft Updates for Multiple Vulnerabilities | CISA, US Government Resource)
- http://www.securitytracker.com/id?1021372
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942
- http://secunia.com/advisories/33058