CVE-2008-1444

EPSS 60.92%
Published 12.06.2008 02:32:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Directx Version9.0

   Microsoft ≫ Windows-nt Versionxp Updatesp3
   Microsoft ≫ Windows 2000 Updatesp4
   Microsoft ≫ Windows 2003 Server Editionx64
   Microsoft ≫ Windows 2003 Server Updatesp1
   Microsoft ≫ Windows 2003 Server Updatesp1 Editionitanium
   Microsoft ≫ Windows 2003 Server Updatesp2
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionitanium
   Microsoft ≫ Windows 2003 Server Updatesp2 Editionx64
   Microsoft ≫ Windows Xp Editionx64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionx64

Microsoft ≫ Directx Version10.0

   Microsoft ≫ Windows-nt Version2008 Editionitanium
   Microsoft ≫ Windows-nt Version2008 Editionx32
   Microsoft ≫ Windows-nt Version2008 Editionx64
   Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Directx Version7.0

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Directx Version8.1

Microsoft ≫ Windows 2000 Updatesp4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	60.92%	0.983

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://marc.info/?l=bugtraq&m=121380194923597&w=2

Mailing List

http://www.us-cert.gov/cas/techalerts/TA08-162B.html

Third Party Advisory

US Government Resource

http://secunia.com/advisories/30579

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2008/1780

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033

http://securityreason.com/securityalert/3937