CVE-2008-3009
Summary
| CVE | CVE-2008-3009 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-10 14:00:00 UTC |
| Updated | 2023-12-07 18:38:00 UTC |
| Description | Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | x64 | All |
| Application | Microsoft | Windows Media Format Runtime | 7.1 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | x64 | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | x64 | All |
| Application | Microsoft | Windows Media Format Runtime | 7.1 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | x64 | All |
| Application | Microsoft | Windows Media Player | 6.4 | All | All | All |
| Application | Microsoft | Windows Media Player | 6.4 | All | All | All |
| Application | Microsoft | Windows Media Services | 2008 | All | All | All |
| Application | Microsoft | Windows Media Services | 4.1 | All | All | All |
| Application | Microsoft | Windows Media Services | 9 | All | All | All |
| Application | Microsoft | Windows Media Services | 2008 | All | All | All |
| Application | Microsoft | Windows Media Services | 4.1 | All | All | All |
| Application | Microsoft | Windows Media Services | 9 | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | All | All | x32 | All |
| Operating System | Microsoft | Windows Server 2008 | All | All | x64 | All |
| Operating System | Microsoft | Windows Server 2008 | All | All | x32 | All |
| Operating System | Microsoft | Windows Server 2008 | All | All | x64 | All |
| Operating System | Microsoft | Windows Vista | All | All | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | x64 | All |
| Operating System | Microsoft | Windows Vista | gold | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | x64 | All |
| Operating System | Microsoft | Windows Vista | gold | All | All | All |
| Operating System | Microsoft | Windows Xp | All | All | pro_x64 | All |
| Operating System | Microsoft | Windows Xp | All | All | x64 | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | pro_x64 | All |
| Operating System | Microsoft | Windows Xp | All | sp3 | All | All |
| Operating System | Microsoft | Windows Xp | All | All | pro_x64 | All |
| Operating System | Microsoft | Windows Xp | All | All | x64 | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | pro_x64 | All |
| Operating System | Microsoft | Windows Xp | All | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Windows Media Player Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability | BID | www.securityfocus.com | |
| Microsoft Windows Media Products Two Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Microsoft Security Bulletin MS08-076 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| Windows Media Services Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| US-CERT Technical Cyber Security Alert TA08-344A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.