NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-3008

Summary	Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
Summary	Desbordamiento de búfer basado en pila en el control WMEncProfileManager ActiveX en wmex.dll en Microsoft Windows Media Encoder 9 Series permite a atacantes remotos ejecutar un código arbitrario a través de un primer argumento largo en el método GetDetailsString, también conocido como "Windows Media Encoder Buffer Overrun Vulnerability".
Publication Date	Sept. 11, 2008, 10:11 a.m.
Registration Date	Jan. 29, 2021, 1:38 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:microsoft:windows_media_encoder:9_series:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows-nt:xp:sp3::::::
cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
cpe:2.3:o:microsoft:windows_2003_server:-::x64:::::
cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:-:sp2::::::
cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:::::*
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://marc.info/?l=bugtraq&m=122235754013992&w=2	secure@microsoft.com
2	http://www.kb.cert.org/vuls/id/996227	secure@microsoft.com
3	http://www.securityfocus.com/bid/31065	secure@microsoft.com
4	http://www.securitytracker.com/id?1020832	secure@microsoft.com
5	http://www.us-cert.gov/cas/techalerts/TA08-253A.html	secure@microsoft.com
6	http://www.vupen.com/english/advisories/2008/2521	secure@microsoft.com
7	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053	secure@microsoft.com
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018	secure@microsoft.com
9	https://www.exploit-db.com/exploits/6454	secure@microsoft.com
10	http://marc.info/?l=bugtraq&m=122235754013992&w=2	af854a3a-2127-422b-91ae-364da2661108
11	http://www.kb.cert.org/vuls/id/996227	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/31065	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securitytracker.com/id?1020832	af854a3a-2127-422b-91ae-364da2661108
14	http://www.us-cert.gov/cas/techalerts/TA08-253A.html	af854a3a-2127-422b-91ae-364da2661108
15	http://www.vupen.com/english/advisories/2008/2521	af854a3a-2127-422b-91ae-364da2661108
16	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-053	af854a3a-2127-422b-91ae-364da2661108
17	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6018	af854a3a-2127-422b-91ae-364da2661108
18	https://www.exploit-db.com/exploits/6454	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html