CVE-2008-2253

Published: Sep 11, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."

Affected (1)

Products: Microsoft: Windows Media Player

1 product

Windows Media Player

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Microsoft Windows Media Player	Version 11

Running on/with	Platform Versions
Microsoft Windows Nt	Version 2008
Microsoft Windows Nt	Version 2008
Microsoft Windows Nt	Version xp
Microsoft Windows Nt	Version xp sp2
Microsoft Windows Nt	Version xp sp3
Microsoft Windows Xp	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

http://marc.info/?l=bugtraq&m=122235754013992&w=2

Source: secure@microsoft.com

Mailing ListThird Party Advisory

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766863#PRODUCTS

Source: secure@microsoft.com

Broken Link

http://www.securityfocus.com/bid/30550

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1020831

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/2522

Source: secure@microsoft.com

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-054

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5615

Source: secure@microsoft.com

Third Party Advisory

http://marc.info/?l=bugtraq&m=122235754013992&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766863#PRODUCTS

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/30550

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1020831

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-253A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/2522

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-054

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5615

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.