Back to CVE Browser

CVE-2008-0015

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score72.7900%

EPSS Percentile97.04th

PublishedJul 7, 2009

Last ModifiedApr 21, 2026

Vulnerability Description

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

Affected Platforms (CPE)

💻

Microsoft

Windows 2003 Server

All versions

💻

Microsoft

Windows 2003 Server

All versions

💻

Microsoft

Windows 2003 Server

All versions

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx

🔗 http://isc.sans.org/diary.html?storyid=6733

🔗 http://osvdb.org/55651

🔗 http://secunia.com/advisories/36187

🔗 http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799

🔗 http://www.iss.net/threats/329.html

🔗 http://www.kb.cert.org/vuls/id/180513

🔗 http://www.microsoft.com/technet/security/advisory/972890.mspx

Related Vulnerabilities

CVE-2004-020910.0

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 al...

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-020110.0

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve...

CVE-2004-057410.0

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, ...