Vulnerabilities > CVE-2008-0015 - Buffer Errors vulnerability in Microsoft Windows 2003 Server and Windows XP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 6 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption. CVE-2008-0015. Local exploit for windows platform id EDB-ID:16615 last seen 2016-02-02 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16615/ title Microsoft DirectShow msvidctl.dll MPEG-2 Memory Corruption description MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit. CVE-2008-0015. Remote exploit for windows platform id EDB-ID:9108 last seen 2016-02-01 modified 2009-07-10 published 2009-07-10 reporter David Kennedy (ReL1K) source https://www.exploit-db.com/download/9108/ title Microsoft Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit
Metasploit
description | This module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid |
id | MSF:EXPLOIT/WINDOWS/BROWSER/MSVIDCTL_MPEG2 |
last seen | 2020-06-10 |
modified | 2019-05-23 |
published | 2009-07-07 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/msvidctl_mpeg2.rb |
title | Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption |
Msbulletin
bulletin_id MS09-032 bulletin_url date 2009-07-14T00:00:00 impact Remote Code Execution knowledgebase_id 973346 knowledgebase_url severity Critical title Cumulative Security Update of ActiveX Kill Bits bulletin_id MS09-037 bulletin_url date 2009-08-11T00:00:00 impact Remote Code Execution knowledgebase_id 973908 knowledgebase_url severity Critical title Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS09-037.NASL description The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function last seen 2020-06-01 modified 2020-06-02 plugin id 40556 published 2009-08-11 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40556 title MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(40556); script_version("1.28"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id("CVE-2008-0015", "CVE-2008-0020", "CVE-2009-0901", "CVE-2009-2493", "CVE-2009-2494"); script_bugtraq_id(35558, 35585, 35828, 35832, 35982); script_xref(name:"MSFT", value:"MS09-037"); script_xref(name:"MSKB", value:"973354"); script_xref(name:"MSKB", value:"973507"); script_xref(name:"MSKB", value:"973540"); script_xref(name:"MSKB", value:"973815"); script_xref(name:"MSKB", value:"973869"); script_xref(name:"IAVA", value:"2009-A-0067"); script_xref(name:"CERT", value:"180513"); script_xref(name:"CERT", value:"456745"); script_xref(name:"EDB-ID", value:"9108"); script_xref(name:"EDB-ID", value:"16615"); script_name(english:"MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)"); script_summary(english:"Checks version of various files"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through Microsoft Active Template Library."); script_set_attribute(attribute:"description", value: "The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function 'CComVariant::ReadFromStream' used in the ATL header, which fails to properly restrict untrusted data read from a stream. (CVE-2008-0015) - A remote code execution issue exists in the Microsoft Active Template Library due to an error in the 'Load' method of the 'IPersistStreamInit' interface, which could allow calls to 'memcpy' with untrusted data. (CVE-2008-0020) - An issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901) - Unsafe usage of 'OleLoadFromStream' could allow instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. (CVE-2009-2493) - A bug in the ATL header could allow reading a variant from a stream and leaving the variant type read with an invalid variant, which could be leveraged by an attacker to execute arbitrary code remotely. (CVE-2009-2494)"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-037"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 119, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/06"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-037'; kbs = make_list("973354", "973507", "973540", "973815", "973869"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'0,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); programfiles = hotfix_get_programfilesdir(); if (!programfiles) exit(1, "Can't determine location of Program Files."); if (tolower(programfiles[0]) != tolower(rootfile[0])) { share = hotfix_path2share(path:programfiles); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); } commonfiles = hotfix_get_officecommonfilesdir(); if (!commonfiles) exit(1, "Can't determine location of Common Files."); vuln = 0; # Media Player. if ( # Vista / Windows Server 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wmp.dll", version:"11.0.6002.22172", min_version:"11.0.6002.20000", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wmp.dll", version:"11.0.6002.18065", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Wmp.dll", version:"11.0.6001.7114", min_version:"11.0.6001.7100", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Wmp.dll", version:"11.0.6001.7007", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Wmp.dll", version:"11.0.6000.6511", min_version:"11.0.6000.6500", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Wmp.dll", version:"11.0.6000.6352", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Wmp.dll", version:"10.0.0.4006", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Wmp.dll", version:"9.0.0.4507", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Wmp.dll", version:"11.0.5721.5268", min_version:"11.0.0.0", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Wmp.dll", version:"10.0.0.4006", dir:"\System32", bulletin:bulletin, kb:'973540') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Wmp.dll", version:"9.0.0.3271", dir:"\System32", bulletin:bulletin, kb:'973540') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Wmp.dll", version:"9.0.0.3364", dir:"\System32", bulletin:bulletin, kb:'973540') ) vuln++; # ATL. if ( # Vista / Windows Server 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"6.0", sp:1, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"6.0", sp:0, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Atl.dll", version:"3.5.2284.2", dir:"\System32", bulletin:bulletin, kb:'973507') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Atl.dll", version:"3.0.9793.0", dir:"\System32", bulletin:bulletin, kb:'973507') ) vuln++; # MSWebDVD ActiveX Control. if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, arch:"x86", file:"Mswebdvd.dll", version:"6.5.3790.4564", dir:"\System32", bulletin:bulletin, kb:'973815') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Mswebdvd.dll", version:"6.5.2600.5848", dir:"\System32", bulletin:bulletin, kb:'973815') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Mswebdvd.dll", version:"6.5.2600.3603", dir:"\System32", bulletin:bulletin, kb:'973815') # Windows 2000 # # empty ) vuln++; # Outlook Express. NetUseDel(close:FALSE); if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msoe.dll", version:"6.0.3790.4548", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Msoe.dll", version:"6.0.2900.5843", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Msoe.dll", version:"6.0.3790.4548", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Msoe.dll", version:"6.0.2900.3598", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Msoe.dll", version:"6.0.2800.1983", min_version:"6.0.0.0", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') || hotfix_is_vulnerable(os:"5.0", file:"Msoe.dll", version:"5.50.5003.1000", dir:"\Outlook Express", path:programfiles, bulletin:bulletin, kb:'973354') ) vuln++; # DHTML Editing Component ActiveX control/ if (!commonfiles) { hotfix_check_fversion_end(); exit(1, "Can't determine location of Common Files."); } if (typeof(commonfiles) != 'array') { temp = commonfiles; commonfiles = make_array('commonfiles', commonfiles); } checkeddirs = make_array(); NetUseDel(close:FALSE); foreach ver (keys(commonfiles)) { dir = commonfiles[ver]; if (checkeddirs[dir]) continue; checkeddirs[dir] = 1; if ( # Vista / Windows Server 2008 # # empty # Windows 2003 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || # Windows XP hotfix_is_vulnerable(os:"5.1", sp:3, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || hotfix_is_vulnerable(os:"5.1", sp:2, file:"Dhtmled.ocx", version:"6.1.0.9247", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') || # Windows 2000 hotfix_is_vulnerable(os:"5.0", file:"Dhtmled.ocx", version:"6.1.0.9234", dir:"\Microsoft Shared\Triedit", path:dir, bulletin:bulletin, kb:'973869') ) vuln++; } if (vuln) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }
NASL family Windows : Microsoft Bulletins NASL id SMB_KB_972890.NASL description The remote host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39622 published 2009-07-07 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39622 title MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(39622); script_version("1.28"); script_cvs_date("Date: 2018/11/15 20:50:32"); script_cve_id("CVE-2008-0015"); script_bugtraq_id(35558); script_xref(name:"MSFT", value:"MS09-032"); script_xref(name:"MSKB", value:"973346"); script_name(english:"MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)"); script_summary(english:"Checks kill bits for each affected control"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is missing a security update containing ActiveX kill bits."); script_set_attribute(attribute:"description", value: "The remote host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-032"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/06"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_activex_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS09-032'; kb = '973346'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); if (activex_init() != ACX_OK) exit(1, "Unable to initialize the ActiveX API."); # Test each control. info = ""; clsids = make_list( "{011B3619-FE63-4814-8A84-15A194CE9CE3}", "{0149EEDF-D08F-4142-8D73-D23903D21E90}", "{0369B4E5-45B6-11D3-B650-00C04F79498E}", "{0369B4E6-45B6-11D3-B650-00C04F79498E}", "{055CB2D7-2969-45CD-914B-76890722F112}", "{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}", "{15D6504A-5494-499C-886C-973C9E53B9F1}", "{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}", "{1C15D484-911D-11D2-B632-00C04F79498E}", "{1DF7D126-4050-47F0-A7CF-4C4CA9241333}", "{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}", "{334125C0-77E5-11D3-B653-00C04F79498E}", "{37B0353C-A4C8-11D2-B634-00C04F79498E}", "{37B03543-A4C8-11D2-B634-00C04F79498E}", "{37B03544-A4C8-11D2-B634-00C04F79498E}", "{418008F3-CF67-4668-9628-10DC52BE1D08}", "{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}", "{577FAA18-4518-445E-8F70-1473F8CF4BA4}", "{59DC47A8-116C-11D3-9D8E-00C04F72D980}", "{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}", "{823535A0-0318-11D3-9D8E-00C04F72D980}", "{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}", "{8A674B4C-1F63-11D3-B64C-00C04F79498E}", "{8A674B4D-1F63-11D3-B64C-00C04F79498E}", "{9CD64701-BDF3-4D14-8E03-F12983D86664}", "{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}", "{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}", "{A2E3074E-6C3D-11D3-B653-00C04F79498E}", "{A2E30750-6C3D-11D3-B653-00C04F79498E}", "{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}", "{AD8E510D-217F-409B-8076-29C5E73B98E8}", "{B0EDF163-910A-11D2-B632-00C04F79498E}", "{B64016F3-C9A2-4066-96F0-BD9563314726}", "{BB530C63-D9DF-4B49-9439-63453962E598}", "{C531D9FD-9685-4028-8B68-6E1232079F1E}", "{C5702CCC-9B79-11D3-B654-00C04F79498E}", "{C5702CCD-9B79-11D3-B654-00C04F79498E}", "{C5702CCE-9B79-11D3-B654-00C04F79498E}", "{C5702CCF-9B79-11D3-B654-00C04F79498E}", "{C5702CD0-9B79-11D3-B654-00C04F79498E}", "{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}", "{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}", "{D02AAC50-027E-11D3-9D8E-00C04F72D980}", "{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}", "{FA7C375B-66A7-4280-879D-FD459C84BB02}" ); foreach clsid (clsids) { if (activex_get_killbit(clsid:clsid) == 0) { info += ' ' + clsid + '\n'; if (!thorough_tests) break; } } activex_end(); if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 1) s = "s"; else s = ""; report = '\nThe kill bit has not been set for the following control'+s+' :\n\n'+ info; if (!thorough_tests) { report += '\nNote that Nessus did not check whether there were other kill bits\n'+ 'that have not been set because the "Perform thorough tests" setting\n'+ 'was not enabled when this scan was run.\n'; } hotfix_add_report(report, bulletin:bulletin, kb:kb); } else hotfix_add_report(bulletin:bulletin, kb:kb); set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); } else audit(AUDIT_HOST_NOT, 'affected');
NASL family Windows NASL id WIN_SERVER_2008_NTLM_PCI.NASL description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 108811 published 2018-04-03 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108811 title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
Oval
accepted 2009-12-28T04:00:28.579-05:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name Tim Harrison organization National Institute of Standards and Technology name Tim Harrison organization National Institute of Standards and Technology name Tim Harrison organization National Institute of Standards and Technology name Tim Harrison organization National Institute of Standards and Technology name J. Daniel Brown organization DTCC name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442
description Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." family windows id oval:org.mitre.oval:def:6333 status deprecated submitted 2009-07-14T13:00:00 title Microsoft Video ActiveX Control Vulnerability version 24 accepted 2009-09-28T04:00:26.257-04:00 class vulnerability contributors name Dragos Prisaca organization Gideon Technologies, Inc. name J. Daniel Brown organization DTCC name Rachana Shetty organization SecPod Technologies name Josh Turpin organization Symantec Corporation name Chandan S organization SecPod Technologies name Dragos Prisaca organization G2, Inc. name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Outlook Express 5.5 SP2 is installed. oval oval:org.mitre.oval:def:504 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Outlook Express 6 SP1 is installed. oval oval:org.mitre.oval:def:488 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed oval oval:org.mitre.oval:def:4873 comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed oval oval:org.mitre.oval:def:5254 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:6124 comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:5594 comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed oval oval:org.mitre.oval:def:5653 comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6216 comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed oval oval:org.mitre.oval:def:6150 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442
description Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." family windows id oval:org.mitre.oval:def:6363 status deprecated submitted 2009-08-11T13:00:00 title Microsoft Video ActiveX Control Vulnerability version 78 accepted 2014-08-18T04:06:28.638-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Rachana Shetty organization SecPod Technologies name Josh Turpin organization Symantec Corporation name Chandan S organization SecPod Technologies name Dragos Prisaca organization G2, Inc. name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Outlook Express 5.5 SP2 is installed. oval oval:org.mitre.oval:def:504 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Outlook Express 6 SP1 is installed. oval oval:org.mitre.oval:def:488 comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed oval oval:org.mitre.oval:def:208 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Windows Media Player v9 is installed. oval oval:org.mitre.oval:def:2147 comment Windows Media Player v10 is installed. oval oval:org.mitre.oval:def:2172 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Windows Media Player v11 is installed. oval oval:org.mitre.oval:def:2126 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396
description Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." family windows id oval:org.mitre.oval:def:7436 status accepted submitted 2009-12-26T17:00:00.000-05:00 title Microsoft Video ActiveX Control Vulnerability version 86
Packetstorm
data source | https://packetstormsecurity.com/files/download/83141/msvidctl_mpeg2.rb.txt |
id | PACKETSTORM:83141 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | Trancer |
source | https://packetstormsecurity.com/files/83141/Microsoft-DirectShow-msvidctl.dll-MPEG-2-Memory-Corruption.html |
title | Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption |
Saint
bid | 35558 |
description | Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow |
id | win_patch_videoax |
osvdb | 55651 |
title | microsoft_directx_impeg2tunerequest |
type | client |
References
- http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
- http://isc.sans.org/diary.html?storyid=6733
- http://osvdb.org/55651
- http://secunia.com/advisories/36187
- http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
- http://www.iss.net/threats/329.html
- http://www.kb.cert.org/vuls/id/180513
- http://www.microsoft.com/technet/security/advisory/972890.mspx
- http://www.securityfocus.com/bid/35558
- http://www.securityfocus.com/bid/35585
- http://www.securitytracker.com/id?1022514
- http://www.us-cert.gov/cas/techalerts/TA09-187A.html
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://www.vupen.com/english/advisories/2009/2232
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436