Windows Media Encoder 9 Remote Code Execution Vulnerability (954156) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-053.

Impact

Remote attackers can execute arbitrary code, if a user views a specially crafted web page, and can successfully exploit to take complete control of an affected system to view, change, or delete, or create new accounts with full user rights. Impact Level : Application/System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Insight

The flaw is due to a boundary error in the WMEX.DLL ActiveX control.

Affected

Windows Media Encoder 9 on Windows 2K/XP/2003

References

http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-3008
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
Consent User Interface Privilege Escalation Vulnerability (2442962)
Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)
Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)

Take action and discover your vulnerabilities