Vigil@nce: Windows Media Encoder, code execution
September 2008 by Vigil@nce
SYNTHESIS
An attacker can use an ActiveX control installed by Windows Media Encoder
in order to execute code on the victim's computer.
Gravity: 3/4
Consequences: user access/rights
Provenance: internet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/09/2008
Identifier: VIGILANCE-VUL-8099
IMPACTED PRODUCTS
– Microsoft Windows 2000 [confidential versions]
– Microsoft Windows 2003 [confidential versions]
– Microsoft Windows 2008
– Microsoft Windows Vista [confidential versions]
– Microsoft Windows XP [confidential versions]
DESCRIPTION
The Windows Media Encoder 9 Series product is used to create rich
multimedia content. This product is not installed by default
under Windows.
This product installs the WMEX.DLL ActiveX control. This control is
marked Safe For Scripting, even though it was not designed in a secure
manner. An attacker can therefore pass it malicious parameters in
order to execute code.
An attacker can thus create an HTML page that calls this ActiveX control
in order to execute code on the computer of the victim who displays the
page.
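As an added check that is not part of the advisory, the following PowerShell script (assumed to run as a local administrator) looks for COM classes whose in-process server is WMEX.DLL and reports whether the Internet Explorer kill bit (bit 0x400 of the "Compatibility Flags" value under ActiveX Compatibility) is set for each of them, so an administrator can see whether the control can still be instantiated from a web page.

```powershell
# Added example, not from Vigil@nce: locate CLSIDs registered to WMEX.DLL and
# report the IE kill-bit state for each. Assumes it runs elevated on Windows.
$KillBitFlag = 0x400   # Compatibility Flags bit that blocks instantiation in IE
$compatRoot  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-WmexClsids {
    # Walk HKCR\CLSID and keep every class whose InprocServer32 is wmex.dll.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" `
                          -ErrorAction SilentlyContinue).'(default)'
            if ($server -and ($server -match '(?i)wmex\.dll$')) {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # True when the kill bit is set for this CLSID, false when absent or unset.
    $key   = Join-Path $compatRoot $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBitFlag) -ne 0)
}

$found = @(Get-WmexClsids)
if ($found.Count -eq 0) {
    Write-Output 'WMEX.DLL is not registered as a COM server (Windows Media Encoder absent).'
} else {
    foreach ($c in $found) {
        $state = if (Test-KillBit $c.Clsid) { 'kill bit SET' } else { 'kill bit NOT set' }
        Write-Output ("{0}  {1}  {2}" -f $c.Clsid, $c.Server, $state)
    }
}
```

A host where WMEX.DLL is registered and the kill bit is not set relies entirely on the corrected control shipped with the MS08-053 update; the kill bit is the usual workaround where that update cannot be applied.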
CHARACTERISTICS
Identifiers: BID-31065, CVE-2008-3008, MS08-053,
VIGILANCE-VUL-8099, VU#996227