CVE-2008-3009 - Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media S

CVE-2008-3009

Summary

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS08-076
bulletin_url
date	2008-12-09T00:00:00
impact	Remote Code Execution
knowledgebase_id	959349
knowledgebase_url
severity	Important
title	Vulnerabilities in Windows Media Components Could Allow Remote Code Execution

oval via4

accepted

2014-08-18T04:06:05.949-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Dragos Prisaca
organization Symantec Corporation
name Pradeep R B
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Windows Media Player 6.4 is installed.
oval oval:org.mitre.oval:def:6408
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Media Services 4.1 is installed
oval oval:org.mitre.oval:def:5705
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Microsoft Media Services 9 is installed
oval oval:org.mitre.oval:def:5844
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Windows Media Player v7.1 is installed.
oval oval:org.mitre.oval:def:1386
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Windows Media Player v9 is installed.
oval oval:org.mitre.oval:def:2147
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85
comment Microsoft Windows XP is installed
oval oval:org.mitre.oval:def:105
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Windows Media Player v10 is installed.
oval oval:org.mitre.oval:def:2172
comment Microsoft Windows XP is installed
oval oval:org.mitre.oval:def:105
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126
comment Microsoft Windows XP is installed
oval oval:org.mitre.oval:def:105
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356

description

family

windows

oval:org.mitre.oval:def:5942

status

accepted

submitted

2008-12-10T10:44:00

title

SPN Vulnerability

version

refmap via4

bid	32653
cert	TA08-344A
sectrack	1021372 1021373
secunia	33058
vupen	ADV-2008-3388

Last major update

26-02-2019 - 14:04

Published

10-12-2008 - 14:00

Last modified

26-02-2019 - 14:04