CVE-2008-3009
CVE-2008-3009 is a vulnerability of currently unknown severity. Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." EPSS estimates a 15.83% chance of exploitation in the next 30 days.
Description
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Media Player | 6.4 |
| Microsoft | Windows Media Format Runtime | 7.1 |
| Microsoft | Windows Media Services | 4.1 |
| Microsoft | Windows Media Services | 9 |
| Microsoft | Windows Media Services | 2008 |
| Microsoft | Windows Media Format Runtime | 11 |
| Microsoft | Windows Media Format Runtime | 9.5 |
| Microsoft | Windows Media Format Runtime | 9 |
References
- http://www.us-cert.gov/cas/techalerts/TA08-344A.html (US Government Resource)
Source: NVD / NIST
