Lucene search

[email protected]CVE-2008-0015

HistoryJul 07, 2009 - 11:30 p.m.

CVE-2008-0015

2009-07-0723:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2008

0015

buffer overflow

ccomvariant

readfromstream

atl

active template library

mpeg2tunerequest

activex

msvidctl.dll

directshow

microsoft windows

remote code execution

web page

exploit

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

JSON

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka “Microsoft Video ActiveX Control Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2003_serverMatch-sp2

microsoftwindows_2003_serverMatch-sp2itanium

microsoftwindows_2003_serverMatch-sp2x64

microsoftwindows_xpsp2professional_x64

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp3

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereq-
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-