Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

Added: 09/09/2008
CVE: CVE-2008-3008
BID: 31065
OSVDB: 47962

Background

Windows Media Encoder is a tool for content producers to capture and compress audio and video content.

Windows Media Encoder 9 installs the wmex.dll ActiveX control.

Problem

A buffer overflow vulnerability in the wmex.dll ActiveX control allows command execution when a user opens a specially crafted web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 08-053.

References

http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx

Limitations

Exploit works on Windows Media Encoder 9 and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index