Buffer Overflow Vulnerability in Windows Media Encoder by Microsoft
CVE-2008-3008

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Encoder; Windows-nt; Windows 2000; Windows 2003 Server
Vendor: CVE Published:; 11 September 2008

What is CVE-2008-3008?

A stack-based buffer overflow exists in the WMEncProfileManager ActiveX control found in wmex.dll of Microsoft Windows Media Encoder 9 Series. This vulnerability allows remote attackers to execute arbitrary code by providing a long first argument to the GetDetailsString method. If exploited, it may lead to unauthorized access and system compromise, highlighting the importance of updating and safeguarding the affected software.

References

http://www.kb.cert.org/vuls/id/996227

third-party-advisoryx_refsource_CERT-VN

http://marc.info/?l=bugtraq&m=122235754013992&w=2

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id?1020832

vdb-entryx_refsource_SECTRACK

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Jul 7, 2008

JSON