CVE-2008-0011

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
62.3%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: June 12, 2008 (6545 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

CWE

CWE-119

Affected Products

microsoft directx

References

🔗 marc.info 🔗 secunia.com 🔗 securitytracker.com 🔗 www.securityfocus.com 🔗 www.us-cert.gov