Windows Media Encoder 9 Remote Code Execution Vulnerability (954156) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-053.

Impact

Remote attackers can execute arbitrary code, if a user views a specially crafted web page, and can successfully exploit to take complete control of an affected system to view, change, or delete, or create new accounts with full user rights. Impact Level : Application/System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Insight

The flaw is due to a boundary error in the WMEX.DLL ActiveX control.

Affected

Windows Media Encoder 9 on Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3008

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
Microsoft .NET Framework Multiple Vulnerabilities (2916607)
Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)

Take action and discover your vulnerabilities