← Retour aux CVEs
CVE-2008-0015
HIGHCISA KEV8.8
Description
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie7/7/2009
Derniere modification2/18/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitWindows
Nom vulnerabilite Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Date ajout KEV2026-02-17
Date limite remediation2026-03-10
Utilise dans ransomwareUnknown
Produits affectes
microsoft:windows_2003_servermicrosoft:windows_xp
Faiblesses (CWE)
CWE-119CWE-121
References
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx(cve@mitre.org)
http://isc.sans.org/diary.html?storyid=6733(cve@mitre.org)
http://osvdb.org/55651(cve@mitre.org)
http://secunia.com/advisories/36187(cve@mitre.org)
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799(cve@mitre.org)
http://www.iss.net/threats/329.html(cve@mitre.org)
http://www.kb.cert.org/vuls/id/180513(cve@mitre.org)
http://www.securityfocus.com/bid/35558(cve@mitre.org)
http://www.securityfocus.com/bid/35585(cve@mitre.org)
http://www.securitytracker.com/id?1022514(cve@mitre.org)
http://www.us-cert.gov/cas/techalerts/TA09-187A.html(cve@mitre.org)
http://www.us-cert.gov/cas/techalerts/TA09-195A.html(cve@mitre.org)
http://www.us-cert.gov/cas/techalerts/TA09-223A.html(cve@mitre.org)
http://www.vupen.com/english/advisories/2009/2232(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363(cve@mitre.org)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436(cve@mitre.org)
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://isc.sans.org/diary.html?storyid=6733(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/55651(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36187(af854a3a-2127-422b-91ae-364da2661108)
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799(af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/threats/329.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/180513(af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/972890.mspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35558(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35585(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1022514(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-187A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-195A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA09-223A.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2232(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.