CVE-2008-3009: CVE-2008-3009

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-3009

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows SPN实现远程代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Windows媒体组件包括Windows Media Player、Windows Media Format Runtime和Windows Media Services等多种服务和应用。请注意Windows Media媒体组件是区分区域的，也就是说在从服务器检索媒体时，要判断服务器是处于本地Intranet区还是Internet区。处于Internet区中的服务器是不受信任的，未经提示用户Windows媒体组件不会向该区中的服务器发送NTLM凭据。因此，如果要利用SPN漏洞，攻击者必须处于本地Intr

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-3009

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-3009

Please Login to view more intelligence information

http://www.securityfocus.com/bid/32653vdb-entryx_refsource_BID
http://secunia.com/advisories/33058third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1021373vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1021372vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076vendor-advisoryx_refsource_MS
http://www.vupen.com/english/advisories/2008/3388vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2008-3009

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-3009

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2008-3009

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-3009

III. Intelligence Information for CVE-2008-3009

IV. Related Vulnerabilities

V. Comments for CVE-2008-3009

Leave a comment