Vulnerability Description
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows-Nt | xp |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Directx | 9.0 |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=121380194923597&w=2Mailing List
- http://secunia.com/advisories/30579PatchVendor Advisory
- http://securitytracker.com/id?1020222Patch
- http://www.securityfocus.com/bid/29581Patch
- http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1780Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=121380194923597&w=2Mailing List
- http://secunia.com/advisories/30579PatchVendor Advisory
- http://securitytracker.com/id?1020222Patch
- http://www.securityfocus.com/bid/29581Patch
- http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1780Broken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-03
FAQ
What is CVE-2008-0011?
CVE-2008-0011 is a vulnerability with a CVSS score of 9.3 (HIGH). Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows ...
How severe is CVE-2008-0011?
CVE-2008-0011 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0011?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows-Nt, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp, Microsoft Directx.