{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-1780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1780"}, {"name": "oval:org.mitre.oval:def:5236", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"}, {"name": "1020222", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020222"}, {"name": "MS08-033", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"}, {"name": "TA08-162B", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"name": "HPSBST02344", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"}, {"name": "29581", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29581"}, {"name": "30579", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30579"}, {"name": "SSRT080087", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-1780", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1780"}, {"name": "oval:org.mitre.oval:def:5236", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"}, {"name": "1020222", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020222"}, {"name": "MS08-033", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"}, {"name": "TA08-162B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"name": "HPSBST02344", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"}, {"name": "29581", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29581"}, {"name": "30579", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30579"}, {"name": "SSRT080087", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0011", "datePublished": "2008-06-12T01:30:00", "dateReserved": "2007-12-13T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:itanium:*:*:*:*:*", "matchCriteriaId": "59F8A83B-899C-47CE-B444-E8B4AC7723C7", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*", "matchCriteriaId": "7AF8B188-A5E0-4D53-9FE1-C72BD956191B", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*", "matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""}, {"lang": "es", "value": "Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobaci\u00f3n de errores MJPEG lo cual podr\u00eda permitir a usuarios remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena de datos MJPEG manipulada en un archivo (1) AVI o (2) ASF, tambi\u00e9n conocida como la \"Vulnerabilidad del decodificador MJPEG\""}], "id": "CVE-2008-0011", "lastModified": "2018-10-12T21:44:33.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-12T02:32:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/30579"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1020222"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29581"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/1780"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}