Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

2008-09-09T00:00:00
ID SAINT:0C54CA9154F4876C286AC049D84BDAC8
Type saint
Reporter SAINT Corporation
Modified 2008-09-09T00:00:00

Description

Added: 09/09/2008
CVE: CVE-2008-3008
BID: 31065
OSVDB: 47962

Background

Windows Media Encoder is a tool for content producers to capture and compress audio and video content.

Windows Media Encoder 9 installs the **wmex.dll** ActiveX control.

Problem

A buffer overflow vulnerability in the **wmex.dll** ActiveX control allows command execution when a user opens a specially crafted web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-053.

References

<http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx>

Limitations

Exploit works on Windows Media Encoder 9 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows