Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2008-3010
HistoryDec 10, 2008 - 2:00 p.m.

CVE-2008-3010

2008-12-1014:00:00
CWE-200
microsoft
web.nvd.nist.gov
25
microsoft
windows
isatap
vulnerability
cve-2008-3010
ntlm
remote servers
arbitrary code

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.192

Percentile

96.4%

JSON

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka “ISATAP Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_media_playerMatch6.4
AND
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serversp1
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_server_2003x64
OR
microsoftwindows_xppro_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2pro_x64
OR
microsoftwindows_xpsp3
VendorProductVersionCPE
microsoftwindows_media_player6.4cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:x64:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Related

seebug 1
cvelist 1
nvd 1
prion 1
openvas 2
securityvulns 2
nessus 1
seebug
seebug
Microsoft Windows媒体组件ISATAP URL处理信息泄露漏洞(MS08-076)
2008-12-11 00:00:00
cvelist
cvelist
CVE-2008-3010
2008-12-10 13:33:00
nvd
nvd
CVE-2008-3010
2008-12-10 14:00:00
prion
prion
Code injection
2008-12-10 14:00:00
openvas
openvas
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
2008-12-10 00:00:00
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
2008-12-10 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
2008-12-10 00:00:00
Microsoft Windows Media Player multiple security vulnerabilities
2008-12-10 00:00:00
nessus
nessus
MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
2008-12-10 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.192

Percentile

96.4%

JSON
Related for CVE-2008-3010
seebug1cvelist1nvd1prion1openvas2securityvulns2nessus1