CVE-2008-3009

NONECVSS 0.0

0.0

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

🔗 References (16)

secure@microsofthttp://secunia.com/advisories/33058
secure@microsofthttp://www.securityfocus.com/bid/32653
secure@microsofthttp://www.securitytracker.com/id?1021372
secure@microsofthttp://www.securitytracker.com/id?1021373
secure@microsofthttp://www.us-cert.gov/cas/techalerts/TA08-344A.html
secure@microsofthttp://www.vupen.com/english/advisories/2008/3388
secure@microsofthttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076
secure@microsofthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33058
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32653
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021372
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021373
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-344A.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3388
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076

Is Your Infrastructure Affected by CVE-2008-3009?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-3009

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-3009?