Remote Code Execution Risk in Microsoft Windows Media Products
CVE-2008-3010

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player
Vendor: CVE Published:; 10 December 2008

Summary

The vulnerability in Microsoft Windows Media Player and related components arises from incorrect association of ISATAP addresses with the Local Intranet zone. This flaw enables remote servers to exploit the vulnerability for capturing NTLM credentials. By sending crafted authentication requests, attackers can execute arbitrary code on affected systems, increasing the risk of unauthorized access and exploitation. This vulnerability affects various versions of Windows Media Player and related runtime services, emphasizing the need for timely updates and mitigation strategies.

References

http://www.securitytracker.com/id?1021374

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA08-344A.html

third-party-advisoryx_refsource_CERT

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Jul 7, 2008