Vulnerability Name:

CVE-2008-3009 (CCN-46868)

Assigned:2008-12-09
Published:2008-12-09
Updated:2019-02-26
Summary:Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-255
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-3009

Source: CCN
Type: HP Security Bulletin HPSBST02394 SSRT080183 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077

Source: CCN
Type: SA33058
Microsoft Windows Media Products Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33058

Source: CCN
Type: SECTRACK ID: 1021372
Windows Media Services Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1021373
Windows Media Player Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-478
MS08-076 Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Source: CCN
Type: Microsoft Security Bulletin MS13-011
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)

Source: CCN
Type: Microsoft Security Bulletin MS16-007
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)

Source: CCN
Type: Microsoft Security Bulletin MS16-014
Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-075
Security Update for Windows SMB Server (3164038)

Source: CCN
Type: Microsoft Security Bulletin MS16-076
Security Update for Netlogon (3167691)

Source: CCN
Type: Microsoft Security Bulletin MS16-101
Security Update for Windows Authentication Methods (3178465)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Source: CCN
Type: Microsoft Security Bulletin MS09-047
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)

Source: CCN
Type: Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

Source: CCN
Type: Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961

Source: CCN
Type: Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Source: BID
Type: UNKNOWN
32653

Source: CCN
Type: BID-32653
Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021372

Source: SECTRACK
Type: UNKNOWN
1021373

Source: CERT
Type: US Government Resource
TA08-344A

Source: VUPEN
Type: UNKNOWN
ADV-2008-3388

Source: MS
Type: UNKNOWN
MS08-076

Source: XF
Type: UNKNOWN
win-media-spn-code-execution(46868)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5942

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:microsoft:windows_media_services:9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

    • Configuration 6:
  • cpe:/a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/a:microsoft:windows_media_format_runtime:11:*:x64:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*

    • Configuration 8:
  • cpe:/a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*

    • Configuration 9:
  • cpe:/a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_format_runtime:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • AND
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5942
    V
    		SPN Vulnerability
    2014-08-18
    BACK
    microsoft windows media player 6.4
    microsoft windows 2000 * sp4
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows media format runtime 7.1
    microsoft windows 2000 * sp4
    microsoft windows media services 4.1
    microsoft windows 2000 * sp4
    microsoft windows media services 9
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows xp * sp3
    microsoft windows media services 2008
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows media format runtime 11
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows vista *
    microsoft windows vista * sp1
    microsoft windows vista * sp1
    microsoft windows vista gold
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows media format runtime 11
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp2
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows media format runtime 9.5
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp2
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows media format runtime 9.5
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows media format runtime 9
    microsoft windows 2000 * sp4
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows media services 4.1
    microsoft windows media format runtime 7.1
    microsoft windows media format runtime 9
    microsoft windows media format runtime 9.5
    microsoft windows media format runtime 11
    microsoft windows media player 6.4
    microsoft windows media services 2008
    microsoft windows server 2008 -
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows vista *
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows vista -
    microsoft windows xp sp2
    microsoft windows vista - sp1
    microsoft windows vista - sp1
    microsoft windows server 2008 -
    microsoft windows server 2008 -
    microsoft windows xp sp3