{"api_version":"1","generated_at":"2026-05-13T05:23:25+00:00","cve":"CVE-2008-0011","urls":{"html":"https://cve.report/CVE-2008-0011","api":"https://cve.report/api/cve/CVE-2008-0011.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0011","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0011"},"summary":{"title":"CVE-2008-0011","description":"Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\"","state":"PUBLISHED","assigner":"mitre","published_at":"2008-06-12 02:32:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://secunia.com/advisories/30579","name":"http://secunia.com/advisories/30579","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA08-162B.html","name":"http://www.us-cert.gov/cas/techalerts/TA08-162B.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA08-162B -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/29581","name":"http://www.securityfocus.com/bid/29581","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2","name":"http://marc.info/?l=bugtraq&m=121380194923597&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1020222","name":"http://securitytracker.com/id?1020222","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Microsoft DirectX MJPEG Stream Error Handling Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/1780","name":"http://www.vupen.com/english/advisories/2008/1780","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS08-033 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0011","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0011","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"11","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"directx","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows-nt","cpe6":"xp","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"*","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"sp1","cpe8":"itanium","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"sp2","cpe8":"itanium","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2003_server","cpe6":"*","cpe7":"sp2","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"*","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"11","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp2","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T07:32:23.461Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2008-1780","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/1780"},{"name":"oval:org.mitre.oval:def:5236","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"},{"name":"1020222","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1020222"},{"name":"MS08-033","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"},{"name":"TA08-162B","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA08-162B.html"},{"name":"HPSBST02344","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"},{"name":"29581","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/29581"},{"name":"30579","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30579"},{"name":"SSRT080087","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-06-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ADV-2008-1780","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/1780"},{"name":"oval:org.mitre.oval:def:5236","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"},{"name":"1020222","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1020222"},{"name":"MS08-033","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"},{"name":"TA08-162B","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA08-162B.html"},{"name":"HPSBST02344","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"},{"name":"29581","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/29581"},{"name":"30579","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30579"},{"name":"SSRT080087","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0011","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2008-1780","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/1780"},{"name":"oval:org.mitre.oval:def:5236","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"},{"name":"1020222","refsource":"SECTRACK","url":"http://securitytracker.com/id?1020222"},{"name":"MS08-033","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"},{"name":"TA08-162B","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA08-162B.html"},{"name":"HPSBST02344","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"},{"name":"29581","refsource":"BID","url":"http://www.securityfocus.com/bid/29581"},{"name":"30579","refsource":"SECUNIA","url":"http://secunia.com/advisories/30579"},{"name":"SSRT080087","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=121380194923597&w=2"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-0011","datePublished":"2008-06-12T01:30:00.000Z","dateReserved":"2007-12-13T00:00:00.000Z","dateUpdated":"2024-08-07T07:32:23.461Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-06-12 02:32:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*","matchCriteriaId":"73AED29E-B778-4186-8968-EB608E34E540"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*","matchCriteriaId":"CD264C73-360E-414D-BE22-192F92E5A0A3"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*","matchCriteriaId":"FE8F4276-4D97-480D-A542-FE9982FFD765"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*","matchCriteriaId":"972ADDBC-5D6E-48D5-9DB7-44FE0539807D"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*","matchCriteriaId":"2978BF86-5A1A-438E-B81F-F360D0E30C9C"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*","matchCriteriaId":"F7EFB032-47F4-4497-B16B-CB9126EAC9DF"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*","matchCriteriaId":"6881476D-81A2-4DFD-AC77-82A8D08A0568"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*","matchCriteriaId":"ACF75FC8-095A-4EEA-9A41-C27CFF3953FB"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*","matchCriteriaId":"9B339C33-8896-4896-88FF-88E74FDBC543"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*","matchCriteriaId":"57ECAAA8-8709-4AC7-9CE7-49A8040C04D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*","matchCriteriaId":"2936E9C2-65E6-4D26-A277-FF2AE13A3FEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*","matchCriteriaId":"2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*","matchCriteriaId":"8FF0278F-AFA7-48BA-8762-5569EC174AEE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows-nt:2008:*:itanium:*:*:*:*:*","matchCriteriaId":"59F8A83B-899C-47CE-B444-E8B4AC7723C7"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*","matchCriteriaId":"7AF8B188-A5E0-4D53-9FE1-C72BD956191B"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*","matchCriteriaId":"2B89E436-C99E-4F68-AADD-E5980B346E95"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*","matchCriteriaId":"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*","matchCriteriaId":"5A53A6AC-74B0-4DB3-B94D-06FB969AE83C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"11","Ordinal":"1","Title":"CVE-2008-0011","CVE":"CVE-2008-0011","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"11","Ordinal":"1","NoteData":"Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\"","Type":"Description","Title":"CVE-2008-0011"},{"CveYear":"2008","CveId":"11","Ordinal":"2","NoteData":"2008-06-11","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"11","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}