cvelistv5 - cve-2008-0015

CVE-2008-0015 (GCVE-0-2008-0015)

Vulnerability from cvelistv5

Published

2009-07-07 23:00

Modified

2026-02-18 04:56

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Summary

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

References

URL

Tags

	http://www.securityfocus.com/bid/35558	vdb-entry, x_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	third-party-advisory, x_refsource_CERT
	http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx	x_refsource_MISC
	http://osvdb.org/55651	vdb-entry, x_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/35585	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/36187	third-party-advisory, x_refsource_SECUNIA
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032	vendor-advisory, x_refsource_MS
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/2232	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1022514	vdb-entry, x_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037	vendor-advisory, x_refsource_MS
	http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799	x_refsource_MISC
	http://isc.sans.org/diary.html?storyid=6733	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA09-187A.html	third-party-advisory, x_refsource_CERT
	http://www.microsoft.com/technet/security/advisory/972890.mspx	x_refsource_CONFIRM
	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	third-party-advisory, x_refsource_CERT
	http://www.iss.net/threats/329.html	third-party-advisory, x_refsource_ISS
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363	vdb-entry, signature, x_refsource_OVAL
	http://www.kb.cert.org/vuls/id/180513	third-party-advisory, x_refsource_CERT-VN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2026-02-17

Due date: 2026-03-10

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35558",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35558"
          },
          {
            "name": "TA09-223A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "55651",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/55651"
          },
          {
            "name": "oval:org.mitre.oval:def:6333",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333"
          },
          {
            "name": "35585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35585"
          },
          {
            "name": "36187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "MS09-032",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032"
          },
          {
            "name": "oval:org.mitre.oval:def:7436",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436"
          },
          {
            "name": "ADV-2009-2232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "name": "1022514",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022514"
          },
          {
            "name": "MS09-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=6733"
          },
          {
            "name": "TA09-187A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-187A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/972890.mspx"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/329.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6363",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363"
          },
          {
            "name": "VU#180513",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/180513"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2008-0015",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-02-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-18T04:56:26.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-17T00:00:00.000Z",
            "value": "CVE-2008-0015 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \"Microsoft Video ActiveX Control Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35558",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35558"
        },
        {
          "name": "TA09-223A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
        },
        {
          "name": "55651",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/55651"
        },
        {
          "name": "oval:org.mitre.oval:def:6333",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333"
        },
        {
          "name": "35585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35585"
        },
        {
          "name": "36187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36187"
        },
        {
          "name": "MS09-032",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032"
        },
        {
          "name": "oval:org.mitre.oval:def:7436",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436"
        },
        {
          "name": "ADV-2009-2232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2232"
        },
        {
          "name": "1022514",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022514"
        },
        {
          "name": "MS09-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=6733"
        },
        {
          "name": "TA09-187A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-187A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/972890.mspx"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/329.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6363",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363"
        },
        {
          "name": "VU#180513",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/180513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \"Microsoft Video ActiveX Control Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35558",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35558"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "55651",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/55651"
            },
            {
              "name": "oval:org.mitre.oval:def:6333",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333"
            },
            {
              "name": "35585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35585"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "MS09-032",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032"
            },
            {
              "name": "oval:org.mitre.oval:def:7436",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "1022514",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022514"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799",
              "refsource": "MISC",
              "url": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=6733",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=6733"
            },
            {
              "name": "TA09-187A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-187A.html"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/972890.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/972890.mspx"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/329.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6363",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363"
            },
            {
              "name": "VU#180513",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/180513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0015",
    "datePublished": "2009-07-07T23:00:00.000Z",
    "dateReserved": "2007-12-13T00:00:00.000Z",
    "dateUpdated": "2026-02-18T04:56:26.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2008-0015",
      "dateAdded": "2026-02-17",
      "dueDate": "2026-03-10",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015",
      "product": "Windows",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": " Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/35558\", \"name\": \"35558\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\", \"name\": \"TA09-223A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://osvdb.org/55651\", \"name\": \"55651\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333\", \"name\": \"oval:org.mitre.oval:def:6333\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/35585\", \"name\": \"35585\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/36187\", \"name\": \"36187\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032\", \"name\": \"MS09-032\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436\", \"name\": \"oval:org.mitre.oval:def:7436\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2232\", \"name\": \"ADV-2009-2232\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1022514\", \"name\": \"1022514\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\", \"name\": \"MS09-037\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://isc.sans.org/diary.html?storyid=6733\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-187A.html\", \"name\": \"TA09-187A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/972890.mspx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\", \"name\": \"TA09-195A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"http://www.iss.net/threats/329.html\", \"name\": \"20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities\", \"tags\": [\"third-party-advisory\", \"x_refsource_ISS\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363\", \"name\": \"oval:org.mitre.oval:def:6363\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/180513\", \"name\": \"VU#180513\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T07:32:23.333Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2008-0015\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-17T17:13:33.656738Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-02-17\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-0015\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-17T17:02:57.445Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-17T00:00:00.000Z\", \"value\": \"CVE-2008-0015 added to CISA KEV\"}]}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2009-07-06T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/35558\", \"name\": \"35558\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\", \"name\": \"TA09-223A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://osvdb.org/55651\", \"name\": \"55651\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333\", \"name\": \"oval:org.mitre.oval:def:6333\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.securityfocus.com/bid/35585\", \"name\": \"35585\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://secunia.com/advisories/36187\", \"name\": \"36187\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032\", \"name\": \"MS09-032\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436\", \"name\": \"oval:org.mitre.oval:def:7436\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2232\", \"name\": \"ADV-2009-2232\", \"tags\": [\"vdb-entry\", \"x_refsource_VUPEN\"]}, {\"url\": \"http://www.securitytracker.com/id?1022514\", \"name\": \"1022514\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\", \"name\": \"MS09-037\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://isc.sans.org/diary.html?storyid=6733\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-187A.html\", \"name\": \"TA09-187A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/972890.mspx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\", \"name\": \"TA09-195A\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"http://www.iss.net/threats/329.html\", \"name\": \"20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities\", \"tags\": [\"third-party-advisory\", \"x_refsource_ISS\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363\", \"name\": \"oval:org.mitre.oval:def:6363\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/180513\", \"name\": \"VU#180513\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \\\"Microsoft Video ActiveX Control Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/35558\", \"name\": \"35558\", \"refsource\": \"BID\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-223A.html\", \"name\": \"TA09-223A\", \"refsource\": \"CERT\"}, {\"url\": \"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\", \"name\": \"http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx\", \"refsource\": \"MISC\"}, {\"url\": \"http://osvdb.org/55651\", \"name\": \"55651\", \"refsource\": \"OSVDB\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333\", \"name\": \"oval:org.mitre.oval:def:6333\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.securityfocus.com/bid/35585\", \"name\": \"35585\", \"refsource\": \"BID\"}, {\"url\": \"http://secunia.com/advisories/36187\", \"name\": \"36187\", \"refsource\": \"SECUNIA\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032\", \"name\": \"MS09-032\", \"refsource\": \"MS\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436\", \"name\": \"oval:org.mitre.oval:def:7436\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2232\", \"name\": \"ADV-2009-2232\", \"refsource\": \"VUPEN\"}, {\"url\": \"http://www.securitytracker.com/id?1022514\", \"name\": \"1022514\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037\", \"name\": \"MS09-037\", \"refsource\": \"MS\"}, {\"url\": \"http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799\", \"name\": \"http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799\", \"refsource\": \"MISC\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=6733\", \"name\": \"http://isc.sans.org/diary.html?storyid=6733\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-187A.html\", \"name\": \"TA09-187A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/972890.mspx\", \"name\": \"http://www.microsoft.com/technet/security/advisory/972890.mspx\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\", \"name\": \"TA09-195A\", \"refsource\": \"CERT\"}, {\"url\": \"http://www.iss.net/threats/329.html\", \"name\": \"20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities\", \"refsource\": \"ISS\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363\", \"name\": \"oval:org.mitre.oval:def:6363\", \"refsource\": \"OVAL\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/180513\", \"name\": \"VU#180513\", \"refsource\": \"CERT-VN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \\\"Microsoft Video ActiveX Control Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2008-0015\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2008-0015\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-18T04:56:26.652Z\", \"dateReserved\": \"2007-12-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2009-07-07T23:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTA-2009-AVI-325

Vulnerability from certfr_avis

Plusieurs vulnérabilités de la bibliothèque ATL de Windows permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités de la bibliothèque ATL (Active template library) de Windows ont été identifiées :

la première provient de la lecture sans filtrage de données non sûres ;
la seconde tire son origine de la copie de données non sûres ;
la troisième résulte du défaut d'initialisation d'un objet ;
la quatrième est liée à des erreurs dans certains en-têtes ATL ;
la cinquième provient d'un défaut de gestion de la mémoire.

Pour chacune de ces vulnérabilités, un utilisateur malveillant peut, par le biais d'une page web malveillante, exécuter du code arbitraire sur un système vulnérable avec les droits de l'utilisateur ;

Solution

Se référer au bulletin de sécurité MS09-037 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.
Microsoft	Windows	Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;
Microsoft	Windows	Windows XP S2, SP3 et Édition Media Center 2005 ;
Microsoft	Windows	Windows 2000 SP4 ;
Microsoft	Windows	Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;
Microsoft	Windows	Windows XP Professionnel Édition x64 SP2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-037

2009-08-11

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 et 2008 SP2 pour architecturess 32 bits, x64 et Itanium.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista, Vista SP1 et SP2, y compris versions pour x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP S2, SP3 et \u00c9dition Media Center 2005 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 2000 SP4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 SP2, y compris versions pour x64 et Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel \u00c9dition x64 SP2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL (Active template\nlibrary) de Windows ont \u00e9t\u00e9 identifi\u00e9es\u00a0:\n\n-   la premi\u00e8re provient de la lecture sans filtrage de donn\u00e9es non\n    s\u00fbres ;\n-   la seconde tire son origine de la copie de donn\u00e9es non s\u00fbres ;\n-   la troisi\u00e8me r\u00e9sulte du d\u00e9faut d\u0027initialisation d\u0027un objet ;\n-   la quatri\u00e8me est li\u00e9e \u00e0 des erreurs dans certains en-t\u00eates ATL ;\n-   la cinqui\u00e8me provient d\u0027un d\u00e9faut de gestion de la m\u00e9moire.\n\nPour chacune de ces vuln\u00e9rabilit\u00e9s, un utilisateur malveillant peut, par\nle biais d\u0027une page web malveillante, ex\u00e9cuter du code arbitraire sur un\nsyst\u00e8me vuln\u00e9rable avec les droits de l\u0027utilisateur ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS09-037 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"
    },
    {
      "name": "CVE-2008-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0020"
    },
    {
      "name": "CVE-2009-2494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2494"
    },
    {
      "name": "CVE-2009-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0901"
    },
    {
      "name": "CVE-2009-2493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2493"
    }
  ],
  "initial_release_date": "2009-08-12T00:00:00",
  "last_revision_date": "2009-08-12T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-325",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Windows permettent \u00e0\nun utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que ATL de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2009-08-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-037",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx"
    }
  ]
}

CERTA-2009-AVI-278

Vulnerability from certfr_avis

Une vulnérabilité dans le contrôle ActiveX Microsoft Video permet à une personne distante malintentionnée d'exécuter du code arbitraire à distance.

Description

Une erreur dans le contrôle ActiveX Microsoft video (msvidctl.dll) en charge de la gestion du flux vidéo permet à une personne distante malintentionnée d'exécuter du code arbitraire via une page web spécialement construite. Ce correctif désactive automatiquement le contrôle ActiveX dans la base de registre, comme il était recommandé dans l'alerte CERTA-2009-ALE-010 (cf. section Documentation).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Microsoft Windows Server 2003 ;
	Microsoft	Windows	Microsoft Windows XP.

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-032 du 14 juillet 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-032 du 14 juillet 2009 :	-	other
Bulletin de sécurité Microsoft MS09-032 du 14 juillet 2009 :	-	other
Bulletin d'alerte du CERTA CERTA-2009-ALE-010 du 07 juillet 2009:	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur dans le contr\u00f4le ActiveX Microsoft video (msvidctl.dll) en\ncharge de la gestion du flux vid\u00e9o permet \u00e0 une personne distante\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire via une page web\nsp\u00e9cialement construite. Ce correctif d\u00e9sactive automatiquement le\ncontr\u00f4le ActiveX dans la base de registre, comme il \u00e9tait recommand\u00e9\ndans l\u0027alerte CERTA-2009-ALE-010 (cf. section Documentation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"
    }
  ],
  "initial_release_date": "2009-07-15T00:00:00",
  "last_revision_date": "2009-07-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-032 du 14 juillet 2009    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-032 du 14 juillet 2009    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-032.mspx"
    },
    {
      "title": "Bulletin d\u0027alerte du CERTA CERTA-2009-ALE-010 du 07 juillet    2009:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-010/index.html"
    }
  ],
  "reference": "CERTA-2009-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le contr\u00f4le \u003cspan class=\"textit\"\u003eActiveX\u003c/span\u003e\nMicrosoft Video permet \u00e0 une personne distante malintentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le contr\u00f4le ActiveX Microsoft Video",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-032 du 14 juillet 2009",
      "url": null
    }
  ]
}

CERTA-2009-ALE-010

Vulnerability from certfr_alerte

Une vulnérabilité dans le contrôle ActiveX Microsoft Video permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une erreur dans le contrôle ActiveX Microsoft Video (msvidctl.dll) en charge de la gestion de flux vidéo permet à une personne distante malintentionnée d'exécuter du code arbitraire via une page web spécialement construite.

Cette vulnérabilité est déjà exploitée sur l'Internet et ne necéssite pas forcément de contenu vidéo sur la page visitée.

Contournement provisoire

Les moyens de contournement suivants sont disponibles :

Microsoft a publié un contournement provisoire permettant de désactiver le contrôle ActiveX mis en cause. Une application est disponible sur le bulletin de sécurité Microsoft (cf. la section Documentation).

Afin de désactiver le contrôle ActiveX, il faut placer la valeur Compatibility Flags pour chaque Class Identifier suivants comme décrit ci-dessous :
```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]
"Compatibility Flags"=dword:00000400
```
Liste des Class Identifiers :

{011B3619-FE63-4814-8A84-15A194CE9CE3}

{0149EEDF-D08F-4142-8D73-D23903D21E90}

{0369B4E5-45B6-11D3-B650-00C04F79498E}

{0369B4E6-45B6-11D3-B650-00C04F79498E}

{055CB2D7-2969-45CD-914B-76890722F112}

{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}

{15D6504A-5494-499C-886C-973C9E53B9F1}

{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}

{1C15D484-911D-11D2-B632-00C04F79498E}

{1DF7D126-4050-47F0-A7CF-4C4CA9241333}

{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}

{334125C0-77E5-11D3-B653-00C04F79498E}

{37B0353C-A4C8-11D2-B634-00C04F79498E}

{37B03543-A4C8-11D2-B634-00C04F79498E}

{37B03544-A4C8-11D2-B634-00C04F79498E}

{418008F3-CF67-4668-9628-10DC52BE1D08}

{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}

{577FAA18-4518-445E-8F70-1473F8CF4BA4}

{59DC47A8-116C-11D3-9D8E-00C04F72D980}

{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}

{823535A0-0318-11D3-9D8E-00C04F72D980}

{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}

{8A674B4C-1F63-11D3-B64C-00C04F79498E}

{8A674B4D-1F63-11D3-B64C-00C04F79498E}

{9CD64701-BDF3-4D14-8E03-F12983D86664}

{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}

{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}

{A2E3074E-6C3D-11D3-B653-00C04F79498E}

{A2E30750-6C3D-11D3-B653-00C04F79498E}

{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}

{AD8E510D-217F-409B-8076-29C5E73B98E8}

{B0EDF163-910A-11D2-B632-00C04F79498E}

{B64016F3-C9A2-4066-96F0-BD9563314726}

{BB530C63-D9DF-4B49-9439-63453962E598}

{C531D9FD-9685-4028-8B68-6E1232079F1E}

{C5702CCC-9B79-11D3-B654-00C04F79498E}

{C5702CCD-9B79-11D3-B654-00C04F79498E}

{C5702CCE-9B79-11D3-B654-00C04F79498E}

{C5702CCF-9B79-11D3-B654-00C04F79498E}

{C5702CD0-9B79-11D3-B654-00C04F79498E}

{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}

{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}

{D02AAC50-027E-11D3-9D8E-00C04F72D980}

{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}

{FA7C375B-66A7-4280-879D-FD459C84BB02}

Remarque : Cette désactivation peut empêcher la visualisation de vidéos avec Internet Explorer.
utiliser un navigateur alternatif.

Rappel : d'une manière générale la désactivation des contrôles ActiveX par défaut reste une bonne pratique.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Microsoft Windows Server 2003 ;
	Microsoft	Windows	Microsoft Windows XP.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft 972890 du 06 juillet 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-032 du 14 juillet 2009 :	-	other
Bulletin de sécurité Microsoft MS09-032 du 14 juillet 2009 :	-	other
Lien de téléchargement du contournement provisoire Microsoft :	-	other
Avis CERTA-2009-AVI-278 du 15 juillet 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2009-07-15",
  "content": "## Description\n\nUne erreur dans le contr\u00f4le ActiveX Microsoft Video (msvidctl.dll) en\ncharge de la gestion de flux vid\u00e9o permet \u00e0 une personne distante\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire via une page web\nsp\u00e9cialement construite.\n\nCette vuln\u00e9rabilit\u00e9 est d\u00e9j\u00e0 exploit\u00e9e sur l\u0027Internet et ne nec\u00e9ssite\npas forc\u00e9ment de contenu vid\u00e9o sur la page visit\u00e9e.\n\n## Contournement provisoire\n\nLes moyens de contournement suivants sont disponibles :\n\n-   Microsoft a publi\u00e9 un contournement provisoire permettant de\n    d\u00e9sactiver le contr\u00f4le ActiveX mis en cause. Une application est\n    disponible sur le bulletin de s\u00e9curit\u00e9 Microsoft (cf. la section\n    Documentation).\n\n    Afin de d\u00e9sactiver le contr\u00f4le ActiveX, il faut placer la valeur\n    Compatibility Flags pour chaque Class Identifier suivants comme\n    d\u00e9crit ci-dessous :\n\n        [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\\n        {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]\n        \"Compatibility Flags\"=dword:00000400\n\n    Liste des Class Identifiers :\n\n    {011B3619-FE63-4814-8A84-15A194CE9CE3}\n\n    {0149EEDF-D08F-4142-8D73-D23903D21E90}\n\n    {0369B4E5-45B6-11D3-B650-00C04F79498E}\n\n    {0369B4E6-45B6-11D3-B650-00C04F79498E}\n\n    {055CB2D7-2969-45CD-914B-76890722F112}\n\n    {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}\n\n    {15D6504A-5494-499C-886C-973C9E53B9F1}\n\n    {1BE49F30-0E1B-11D3-9D8E-00C04F72D980}\n\n    {1C15D484-911D-11D2-B632-00C04F79498E}\n\n    {1DF7D126-4050-47F0-A7CF-4C4CA9241333}\n\n    {2C63E4EB-4CEA-41B8-919C-E947EA19A77C}\n\n    {334125C0-77E5-11D3-B653-00C04F79498E}\n\n    {37B0353C-A4C8-11D2-B634-00C04F79498E}\n\n    {37B03543-A4C8-11D2-B634-00C04F79498E}\n\n    {37B03544-A4C8-11D2-B634-00C04F79498E}\n\n    {418008F3-CF67-4668-9628-10DC52BE1D08}\n\n    {4A5869CF-929D-4040-AE03-FCAFC5B9CD42}\n\n    {577FAA18-4518-445E-8F70-1473F8CF4BA4}\n\n    {59DC47A8-116C-11D3-9D8E-00C04F72D980}\n\n    {7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}\n\n    {823535A0-0318-11D3-9D8E-00C04F72D980}\n\n    {8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}\n\n    {8A674B4C-1F63-11D3-B64C-00C04F79498E}\n\n    {8A674B4D-1F63-11D3-B64C-00C04F79498E}\n\n    {9CD64701-BDF3-4D14-8E03-F12983D86664}\n\n    {9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}\n\n    {A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}\n\n    {A2E3074E-6C3D-11D3-B653-00C04F79498E}\n\n    {A2E30750-6C3D-11D3-B653-00C04F79498E}\n\n    {A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}\n\n    {AD8E510D-217F-409B-8076-29C5E73B98E8}\n\n    {B0EDF163-910A-11D2-B632-00C04F79498E}\n\n    {B64016F3-C9A2-4066-96F0-BD9563314726}\n\n    {BB530C63-D9DF-4B49-9439-63453962E598}\n\n    {C531D9FD-9685-4028-8B68-6E1232079F1E}\n\n    {C5702CCC-9B79-11D3-B654-00C04F79498E}\n\n    {C5702CCD-9B79-11D3-B654-00C04F79498E}\n\n    {C5702CCE-9B79-11D3-B654-00C04F79498E}\n\n    {C5702CCF-9B79-11D3-B654-00C04F79498E}\n\n    {C5702CD0-9B79-11D3-B654-00C04F79498E}\n\n    {C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}\n\n    {CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}\n\n    {D02AAC50-027E-11D3-9D8E-00C04F72D980}\n\n    {F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}\n\n    {FA7C375B-66A7-4280-879D-FD459C84BB02}\n\n    Remarque : Cette d\u00e9sactivation peut emp\u00eacher la visualisation de\n    vid\u00e9os avec Internet Explorer.\n\n-   utiliser un navigateur alternatif.\n\nRappel : d\u0027une mani\u00e8re g\u00e9n\u00e9rale la d\u00e9sactivation des contr\u00f4les ActiveX\npar d\u00e9faut reste une bonne pratique.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0015"
    }
  ],
  "initial_release_date": "2009-07-07T00:00:00",
  "last_revision_date": "2009-07-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-032 du 14 juillet 2009    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-032 du 14 juillet 2009    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-032.mspx"
    },
    {
      "title": "Lien de t\u00e9l\u00e9chargement du contournement provisoire    Microsoft :",
      "url": "http://go.microsoft.com/?linkid=9672398"
    },
    {
      "title": "Avis CERTA-2009-AVI-278 du 15 juillet 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-278/index.html"
    }
  ],
  "reference": "CERTA-2009-ALE-010",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-07-07T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Microsoft MS09-032.",
      "revision_date": "2009-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le contr\u00f4le \u003cspan class=\"textit\"\u003eActiveX\u003c/span\u003e\nMicrosoft Video permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le contr\u00f4le ActiveX Microsoft Video",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 972890 du 06 juillet 2009",
      "url": "http://www.microsoft.com/technet/security/advisory/972890.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0015 (GCVE-0-2008-0015)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTA-2009-AVI-325

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-278

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-ALE-010

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature