CVE-2008-0015
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 13, 2007
- Published Date
- July 07, 2009
- Last Updated
- August 07, 2024
- Vendor
- Microsoft
- Product
- Windows
- Description
- Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
- Tags
- Exploited in the Wild
- Yes (2009-07-07 23:00:00 UTC) Source
windows
metasploit_scanner
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
http://www.securityfocus.com/bid/35558
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
http://osvdb.org/55651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333
http://www.securityfocus.com/bid/35585
http://secunia.com/advisories/36187
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436
http://www.vupen.com/english/advisories/2009/2232
http://www.securitytracker.com/id?1022514
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
http://isc.sans.org/diary.html?storyid=6733
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://www.iss.net/threats/329.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363
http://www.kb.cert.org/vuls/id/180513
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2009-07-07 23:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/msvidctl_mpeg2.rb | 2025-04-29 11:01:32 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
msvidctl_mpeg2
Type: metasploit • Created: Unknown
Metasploit module for CVE-2008-0015
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit