CVE-2008-0015

Description

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka Microsoft Video ActiveX Control Vulnerability.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

80.64

Associated Vulnerability

Vulnerability	OS Platform
Cumulative Security Update for ActiveX Killbits for Windows 2000 (KB973346)	Windows
Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346) x86 based systems	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)	Windows
Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346) x64 bases systems	Windows
Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB973346)	Windows
Security Update for Outlook Express 6.0 for Windows 2000 (KB973354)	Windows
Security Update for Windows XP (KB973354) x86 based systems	Windows
Security Update for Windows XP (KB973354) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973354)	Windows
Security Update for Windows XP x64 Edition (KB973354)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973354)	Windows
Security Update for Windows Media Player 9 for Windows 2000 (KB973540)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540)	Windows
Security Update for Windows XP x64 Edition (KB973540)	Windows
Security Update for Windows Media Player 11 for Windows XP X64 Edition (KB973540)	Windows
Security Update for Windows Server 2003 (KB973540)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973540)	Windows
Security Update for Windows Vista (KB973540) x86 based systems	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP1	Windows
Security Update for Windows Vista (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Vista for x64-based Systems (KB973540) for SP1	Windows
Security Update for Windows Vista for x64-based Systems (KB973540)	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems	Windows
Security Update for Windows Server 2008 (KB973540) x86 based systems for SP2	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973540) for SP2	Windows
Security Update for Windows 2000 (KB973507)	Windows
Security Update for Windows XP (KB973507)	Windows
Security Update for Windows XP x64 Edition (KB973507)	Windows
Security Update for Windows Vista (KB973507)	Windows
Security Update for Windows Vista for x64-based Systems (KB973507)	Windows
Security Update for Windows Server 2008 (KB973507)	Windows
Security Update for Windows Server 2008 x64 Edition (KB973507)	Windows
Security Update for Windows Server 2003 (KB973507)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973507)	Windows
Security Update for Windows 2000 (KB973869)	Windows
Security Update for Windows XP (KB973869)	Windows
Security Update for Windows Server 2003 (KB973869)	Windows
Security Update for Windows XP x64 Edition (KB973869)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973869)	Windows
Security Update for Windows XP (KB973815) x86 based systems	Windows
Security Update for Windows XP (KB973815) x86 based systems for SP3	Windows
Security Update for Windows Server 2003 (KB973815)	Windows
Security Update for Windows XP x64 Edition (KB973815)	Windows
Security Update for Windows Server 2003 x64 Edition (KB973815)	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB973540) x86 based systems	Windows
Security Update for Windows XP Service Pack 2 (KB973540)	Windows
Security Update for Windows XP Service Pack 3 (KB97354011) x86 based systems	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-7236	Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)
PATCH-7237	Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
PATCH-7238	Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB973346)
PATCH-7321	Security Update for Windows Vista (KB973540)
PATCH-7324	Security Update for Windows Vista for x64-based Systems (KB973540)
PATCH-7325	Security Update for Windows Server 2008 (KB973540)
PATCH-7326	Security Update for Windows Server 2008 (KB973540)
PATCH-7327	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7328	Security Update for Windows Server 2008 x64 Edition (KB973540)
PATCH-7334	Security Update for Windows Server 2008 (KB973507)
PATCH-7335	Security Update for Windows Server 2008 x64 Edition (KB973507)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234