1. Home
  2. CVE Database
  3. CVE-2008-3010
HIGH · 10.0

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows ...

Vulnerability Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWindows Media Player6.4
MicrosoftWindows 2000All versions
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows Server 2003All versions
MicrosoftWindows XpAll versions

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2008-3010?

CVE-2008-3010 is a vulnerability with a CVSS score of 10.0 (HIGH). Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows ...

How severe is CVE-2008-3010?

CVE-2008-3010 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3010?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Media Player, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Xp.