CVE-2008-0015

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 13, 2007
Published Date
July 07, 2009
Last Updated
August 07, 2024
Vendor
Microsoft
Product
Windows
Description
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Tags
windows metasploit_scanner

CVSS Scores

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2009-07-07 23:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2009-07-07 23:00:00 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

msvidctl_mpeg2

Type: metasploit • Created: Unknown

Metasploit module for CVE-2008-0015

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit