| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS08-076 | Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) | Microsoft Windows | Critical | 10-12-2008 |
Technical Information
Brief overview of the risk:
A credential reflection vulnerability exists in the Windows Media components that could allow an attacker to execute code with the same rights as the local user or with Windows Media Services distribution credentials. The vulnerability exists due to weaknesses in Service Principal Name (SPN) implementations within Windows Media components.
Detailed Information on the risk:
This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. Further information on this exploit is available at : MS08-076
Affected Software
Microsoft Windows 2000 Server Service Pack 4Microsoft Windows 2000 Service Pack 4
Microsoft Windows Media Format 9.5
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 2 and 3
Windows Media Format Runtime 11
Windows Media Services 2008
Windows Media Services 4.1
Windows Media Services 9 Series
Windows Server 2003 SP1