ID CVE-2008-3009
Summary Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
References
Vulnerable Configurations
  • Microsoft windows_media_player 6.4
    cpe:2.3:a:microsoft:windows_media_player:6.4
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:pro_x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Media Format Runtime 7.1
    cpe:2.3:a:microsoft:windows_media_format_runtime:7.1
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft windows_media_services 4.1
    cpe:2.3:a:microsoft:windows_media_services:4.1
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft windows_media_services 9
    cpe:2.3:a:microsoft:windows_media_services:9
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft windows_media_services 2008
    cpe:2.3:a:microsoft:windows_media_services:2008
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Microsoft Windows Media Format Runtime 11
    cpe:2.3:a:microsoft:windows_media_format_runtime:11
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • cpe:2.3:o:microsoft:windows_vista:gold
    cpe:2.3:o:microsoft:windows_vista:gold
  • cpe:2.3:o:microsoft:windows_xp:-:x64
    cpe:2.3:o:microsoft:windows_xp:-:x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft windows_media_format_runtime 11 unknown x64
    cpe:2.3:a:microsoft:windows_media_format_runtime:11:-:x64
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:pro_x64
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:-:x64
    cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:-:x64
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:x64
    cpe:2.3:o:microsoft:windows_xp:-:x64
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • Microsoft Windows Media Format Runtime 9.5
    cpe:2.3:a:microsoft:windows_media_format_runtime:9.5
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:x64
    cpe:2.3:o:microsoft:windows_xp:-:x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows Media Format Runtime 9
    cpe:2.3:a:microsoft:windows_media_format_runtime:9
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 10.0 (as of 10-12-2008 - 15:05)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS08-076
bulletin_url
date 2008-12-09T00:00:00
impact Remote Code Execution
knowledgebase_id 959349
knowledgebase_url
severity Important
title Vulnerabilities in Windows Media Components Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS08-076.NASL
description The remote host is running Windows Media Player/Components. There is a vulnerability in the remote version of this software that may allow an attacker to execute arbitrary code on the remote host thru flaws in ISATAP and SPN.
last seen 2019-02-21
modified 2018-11-15
plugin id 35075
published 2008-12-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=35075
title MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
oval via4
accepted 2014-08-18T04:06:05.949-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Pradeep R B
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Windows Media Player 6.4 is installed.
    oval oval:org.mitre.oval:def:6408
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Media Services 4.1 is installed
    oval oval:org.mitre.oval:def:5705
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Media Services 9 is installed
    oval oval:org.mitre.oval:def:5844
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Windows Media Player v7.1 is installed.
    oval oval:org.mitre.oval:def:1386
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Windows Media Player v9 is installed.
    oval oval:org.mitre.oval:def:2147
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Windows Media Player v10 is installed.
    oval oval:org.mitre.oval:def:2172
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Windows Media Player v11 is installed.
    oval oval:org.mitre.oval:def:2126
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
description Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
family windows
id oval:org.mitre.oval:def:5942
status accepted
submitted 2008-12-10T10:44:00
title SPN Vulnerability
version 75
refmap via4
bid 32653
cert TA08-344A
ms MS08-076
sectrack
  • 1021372
  • 1021373
secunia 33058
vupen ADV-2008-3388
Last major update 07-03-2011 - 22:10
Published 10-12-2008 - 09:00
Last modified 26-02-2019 - 09:04
Back to Top