SPN Vulnerability in Microsoft Windows Media Player and Services
CVE-2008-3009

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player
Vendor: CVE Published:; 10 December 2008

Summary

A vulnerability exists in Microsoft Windows Media Player and Windows Media Services due to improper handling of the Service Principal Name (SPN) identifier when validating authentication requests. This flaw may allow remote servers to exploit NTLM credential reflection methods, leading to arbitrary code execution. Users are advised to apply the available security updates to mitigate the potential risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/32653

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1021372

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Jul 7, 2008