ID CVE-2008-3009
Summary Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_services:9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_services:9:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-08-18T04:06:05.949-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Pradeep R B
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Windows Media Player 6.4 is installed.
    oval oval:org.mitre.oval:def:6408
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Media Services 4.1 is installed
    oval oval:org.mitre.oval:def:5705
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Media Services 9 is installed
    oval oval:org.mitre.oval:def:5844
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Windows Media Player v7.1 is installed.
    oval oval:org.mitre.oval:def:1386
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Windows Media Player v9 is installed.
    oval oval:org.mitre.oval:def:2147
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Windows Media Player v10 is installed.
    oval oval:org.mitre.oval:def:2172
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Windows Media Player v11 is installed.
    oval oval:org.mitre.oval:def:2126
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
description Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
family windows
id oval:org.mitre.oval:def:5942
status accepted
submitted 2008-12-10T10:44:00
title SPN Vulnerability
version 75
refmap via4
bid 32653
cert TA08-344A
ms MS08-076
sectrack
  • 1021372
  • 1021373
secunia 33058
vupen ADV-2008-3388
Last major update 26-02-2019 - 14:04
Published 10-12-2008 - 14:00
Back to Top