Microsoft Windows Media Services Nskey.dll ActiveX BOF Vulnerability Network Vulnerability

Summary

This host is installed with Windows Media Services and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation could allow execution of arbitrary code, and cause the victim's browser to crash. Impact Level: Application

Solution

Vendor has released a patch to fix this issue. Windows Media Services customers should contact the vendor for support for upgrade or patch. http://www.microsoft.com/windows/windowsmedia/forpros/server/server.aspx Workaround: Set a kill bit for the CLSID {2646205B-878C-11D1-B07C-0000C040BCDB}

Insight

The flaw is due to an error in CallHTMLHelp method in nskey.dll file, which fails to perform adequate boundary checks on user-supplied input.

Affected

Microsoft Windows Media Services on Windows NT/2000 Server.

References

http://downloads.securityfocus.com/vulnerabilities/exploits/30814.html.txt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5232

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5232
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alleycode HTML Editor Buffer Overflow Vulnerabilities
Buffer Overflow Vulnerability in Adobe Reader (Linux)
Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
Apple QuickTime Multiple Vulnerabilities - Sep09
BSPlayer Stack Overflow Vulnerability SRT

Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability

Take action and discover your vulnerabilities