MJPEG Decoder Flaw in Microsoft DirectX Products
CVE-2008-0011

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 12 June 2008

What is CVE-2008-0011?

Microsoft DirectX versions 8.1 through 9.0c are susceptible to a vulnerability that fails to adequately validate MJPEG streams. This inadequacy allows remote attackers to exploit this flaw by crafting malicious MJPEG streams contained within AVI or ASF files. When the affected software processes these streams, it could lead to arbitrary code execution, potentially compromising the security and functionality of the system.

References

http://www.vupen.com/english/advisories/2008/1780

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://securitytracker.com/id?1020222

vdb-entryx_refsource_SECTRACK

EPSS Score

69% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2008
Vulnerability Reserved
Dec 13, 2007