CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3009

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile22.07th
PublishedDec 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Windows Media Player

= 6.4
πŸ“¦
Microsoft

Windows Media Format Runtime

= 7.1
πŸ“¦
Microsoft

Windows Media Services

= 4.1
πŸ“¦
Microsoft

Windows Media Services

= 9
πŸ“¦
Microsoft

Windows Media Services

= 2008
πŸ“¦
Microsoft

Windows Media Format Runtime

= 11
πŸ“¦
Microsoft

Windows Media Format Runtime

= 11
πŸ“¦
Microsoft

Windows Media Format Runtime

= 9.5
πŸ“¦
Microsoft

Windows Media Format Runtime

= 9.5
πŸ“¦
Microsoft

Windows Media Format Runtime

= 9

References & Advisories

πŸ”— http://secunia.com/advisories/33058
πŸ”— http://www.securityfocus.com/bid/32653
πŸ”— http://www.securitytracker.com/id?1021372
πŸ”— http://www.securitytracker.com/id?1021373
πŸ”— http://www.us-cert.gov/cas/techalerts/TA08-344A.html
πŸ”— http://www.vupen.com/english/advisories/2008/3388
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942

Related Vulnerabilities

CVE-2008-301010.0

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly ...

CVE-2009-089310.0

Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Me...

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2009-089410.0

Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid be...