Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2008-0015
PUBLISHEDStack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest...
6174 days faster than CISA KEV
- Vendor
- Microsoft
- Product
- Windows
- Published
- Jul 07, 2009
- EPSS
- 81.6% · 99% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Weaknesses (CWE)
-
Stack-based Buffer Overflow
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2009-07-07 23:00:00 UTC · CVE
Proof of concept available
Recorded 2025-04-28 15:02:41 UTC
References
- http://www.securityfocus.com/bid/35558
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
- http://osvdb.org/55651
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333
- http://www.securityfocus.com/bid/35585
- http://secunia.com/advisories/36187
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436
- http://www.vupen.com/english/advisories/2009/2232
- http://www.securitytracker.com/id?1022514
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
- http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
- http://isc.sans.org/diary.html?storyid=6733
- http://www.us-cert.gov/cas/techalerts/TA09-187A.html
- http://www.microsoft.com/technet/security/advisory/972890.mspx
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- http://www.iss.net/threats/329.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363
- http://www.kb.cert.org/vuls/id/180513
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2009-07-07 23:00 UTC |
| CISA | 2026-06-02 14:03 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/msvidctl_mpeg2.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Proof of Concept Exploit Available
-
Detected by Metasploit
-
KEV confirmed by CISA