Buffer Overflow Vulnerability in Windows Media Encoder by Microsoft
CVE-2008-3008

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Encoder; Windows-nt; Windows 2000; Windows 2003 Server
Vendor: CVE Published:; 11 September 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 81%

What is CVE-2008-3008?

A stack-based buffer overflow exists in the WMEncProfileManager ActiveX control found in wmex.dll of Microsoft Windows Media Encoder 9 Series. This vulnerability allows remote attackers to execute arbitrary code by providing a long first argument to the GetDetailsString method. If exploited, it may lead to unauthorized access and system compromise, highlighting the importance of updating and safeguarding the affected software.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-3008 - Proof of Concept

References

http://www.kb.cert.org/vuls/id/996227

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id?1020832

vdb-entryx_refsource_SECTRACK

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 11, 2008
👾
Exploit known to exist
Sep 11, 2008
Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008

CVE-2008-3008 Data

JSON