Windows Media Encoder 9 Remote Code Execution Vulnerability (954156) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-053.

Impact

Remote attackers can execute arbitrary code, if a user views a specially crafted web page, and can successfully exploit to take complete control of an affected system to view, change, or delete, or create new accounts with full user rights. Impact Level : Application/System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Insight

The flaw is due to a boundary error in the WMEX.DLL ActiveX control.

Affected

Windows Media Encoder 9 on Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3008

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Active Directory Denial of Service Vulnerability (953235)
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)

Take action and discover your vulnerabilities