CVE-2008-0020
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
Una vulnerabilidad no especificada en el método Load en la interfaz IPersistStreamInit de Active Template Library (ATL), tal y como es usado en el control ActiveX de Microsoft Video en la biblioteca msvidctl.dll en DirectShow, en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista versión Gold, SP1, y SP2, y Server 2008 versión Gold y SP2 de Microsoft, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos que desencadenan una corrupción de memoria, también se conoce como "ATL Header Memcopy Vulnerability", una vulnerabilidad diferente de CVE-2008-0015.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-12-13 CVE Reserved
- 2009-07-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx | X_refsource_misc | |
| http://www.iss.net/threats/329.html | Third Party Advisory | |
| http://www.securitytracker.com/id?1022712 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-223A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/2232 | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36187 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, professional_x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp3 |
Affected
| ||||||