Zero-day vulnerability in Microsoft Video ActiveX Control

Stack-based buffer overflow
CVE-2008-0015

The vulnerability has been exploited in the wild since June 11, 2009 (as discovered by X-Force) and was touted by the media and by SANS as being exploited in the wild on July 6, 2009.

According to Symantec research first exploitation of the vulnerability was detected on 2008-12-28.

Known malware:

HTML/CVE-2008-0015
Bloodhoud.Exploit.259

Vulnerability details

Advisory: SB2009070601 - Remote code execution in Microsoft Video ActiveX Control

Vulnerable component: Microsoft Video ActiveX Control

CVE-ID: CVE-2008-0015

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-121 - Stack-based buffer overflow

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in the Microsoft Video ActiveX Control, msvidctl.dll. By persuading a victim to visit a specially crafted Web page, a remote attacker can trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits: