← Back

CVE-2008-3009

nvd nist
Published: Dec 10, 2008Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

Affected (10)

Microsoft
3 products
Windows Media Player
Windows Media Format Runtime
Windows Media Services
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Player
Version 6.4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 7.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Services
Version 4.1
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Services
Version 9
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Services
Version 2008
Configuration F
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 11
Running on/withPlatform Versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Vista
Version gold
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 11
Running on/withPlatform Versions
Microsoft
Windows Xp
All versions
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 9.5
Configuration I
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 9.5
Running on/withPlatform Versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Configuration J
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Windows Media Format Runtime
Version 9
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions

Related CWEs

CWE-255
CWE-255

References (16)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.