CVE-2008-0011

2008-06-1202:32:00

CWE-119

[email protected]

web.nvd.nist.gov

microsoft

directx

mjpeg

decoder

vulnerability

remote execution

cve-2008-0011

nvd

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.91 High

EPSS

Percentile

98.8%

JSON

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the “MJPEG Decoder Vulnerability.”

CPENameOperatorVersion
microsoft:directxmicrosoft directxeq9.0
microsoft:directxmicrosoft directxeq7.0
microsoft:directxmicrosoft directxeq8.1
microsoft:directxmicrosoft directxeq10.0

CPE	Name	Operator	Version
microsoft:directx	microsoft directx	eq	9.0
microsoft:directx	microsoft directx	eq	7.0
microsoft:directx	microsoft directx	eq	8.1
microsoft:directx	microsoft directx	eq	10.0