<< Back
CVE Number Vulnerability Product Severity Date
MS08-076 Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) Microsoft Windows Critical 10-12-2008

Technical Information

Brief overview of the risk:
A credential reflection vulnerability exists in the Windows Media components that could allow an attacker to execute code with the same rights as the local user or with Windows Media Services distribution credentials. The vulnerability exists due to weaknesses in Service Principal Name (SPN) implementations within Windows Media components.
Detailed Information on the risk:
This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. Further information on this exploit is available at : MS08-076

Affected Software

Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Media Format 9.5
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 2 and 3
Windows Media Format Runtime 11
Windows Media Services 2008
Windows Media Services 4.1
Windows Media Services 9 Series
Windows Server 2003 SP1