Executive Summary

Informations
NameCVE-2008-0011First vendor Publication2008-06-11
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5236
 
Oval ID: oval:org.mitre.oval:def:5236
Title: MJPEG Decoder Vulnerability
Description: Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0011
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): DirectX
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4

OpenVAS Exploits

DateDescription
2008-09-30Name : Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
File : nvt/gb_ms08-030.nasl
2008-09-30Name : Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
File : nvt/gb_ms08-033.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
46064Microsoft DirectX MJPEG Codec AVI/ASF File Processing Arbitrary Code Execution

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code...
RuleID : 15995 - Revision : 11 - Type : FILE-MULTIMEDIA
2014-01-10Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 13824 - Revision : 14 - Type : FILE-MULTIMEDIA
2014-01-10Microsoft Windows DirectX SAMI file parsing buffer overflow attempt
RuleID : 13823 - Revision : 13 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

DateDescription
2008-06-10Name : A vulnerability in DirectX could allow remote code execution.
File : smb_nt_ms08-033.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/29581
CERThttp://www.us-cert.gov/cas/techalerts/TA08-162B.html
HPhttp://marc.info/?l=bugtraq&m=121380194923597&w=2
http://marc.info/?l=bugtraq&m=121380194923597&w=2
MShttp://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
SECTRACKhttp://securitytracker.com/id?1020222
SECUNIAhttp://secunia.com/advisories/30579
VUPENhttp://www.vupen.com/english/advisories/2008/1780

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:43:10
  • Multiple Updates
2014-01-19 21:24:39
  • Multiple Updates
2013-05-11 00:05:29
  • Multiple Updates