CVE-2008-0015

High

Description

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032

http://www.vupen.com/english/advisories/2009/2232

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

http://www.us-cert.gov/cas/techalerts/TA09-187A.html

http://www.securitytracker.com/id?1022514

http://www.securityfocus.com/bid/35585

http://www.securityfocus.com/bid/35558

http://www.microsoft.com/technet/security/advisory/972890.mspx

http://www.kb.cert.org/vuls/id/180513

http://secunia.com/advisories/36187

http://osvdb.org/55651

http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx

Details

Source: Mitre, NVD

Published: 2009-07-07

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High