CVE-2008-3010 — Sensitive Information Exposure in Microsoft Windows Media Player

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

52.3%

top 2.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Player

Timeline

PublishedDec 10

Latest updateMay 1

Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_media_player6.4

🔴Vulnerability Details

GHSA

GHSA-h9wh-q83g-2p6c: Microsoft Windows Media Player 6↗2022-05-01

▶

CVEList

CVE-2008-3010: Microsoft Windows Media Player 6↗2008-12-10

▶