2008-0020 | Microsoft Windows msvidctl.dll code injection (BID-35585 / XFDB-44625)

CVSS Meta Temp Score

CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.

Current Exploit Price (≈)

Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.

CTI Interest Score

Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.

9.0 $5k-$25k 0.18

A vulnerability was found in Microsoft Windows Server 2003 (Operating System). It has been classified as very critical. Affected is some unknown processing in the library msvidctl.dll. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-94. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was shared 07/07/2009 by Robert Freeman with IBM X-Force (Website). The advisory is available at us-cert.gov. This vulnerability is traded as CVE-2008-0020 since 12/12/2007. It is possible to launch the attack remotely. The exploitation doesn’t require any form of authentication. Technical details and a exploit are known. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 08/12/2021).

It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 40556 (MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context local.

Upgrading eliminates this vulnerability. A possible mitigation has been published 2 months after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8317.

The vulnerability is also documented in the databases at SecurityFocus (BID 35585), X-Force (44625), Secunia (SA36187), SecurityTracker (ID 1022712) and Vulnerability Center (SBV-22778). The entries 4001, 49395, 49394 and 49393 are related to this item.




VulDB Meta Base Score: 10.0
VulDB Meta Temp Score: 9.0

VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍

🔍 🔍 🔍 🔍 🔍 🔍
🔍 🔍 🔍 🔍 🔍 🔍
🔍 🔍 🔍 🔍 🔍 🔍
Vector Complexity Authentication Confidentiality Integrity Availability
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock
unlock unlock unlock unlock unlock unlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Class: Privilege escalation
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔍
Status: Proof-of-Concept
Download: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock

Nessus ID: 40556
Nessus Name: MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍

OpenVAS ID: 800829
OpenVAS Name: Microsoft Video ActiveX Control msvidctl.dll BOF Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍

Exploit-DB: 🔍

Threat Intelligenceinfoedit

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍

Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍

Upgrade: us-cert.gov
TippingPoint: 🔍

McAfee IPS: 🔍
McAfee IPS Version: 🔍

ISS Proventia IPS: 🔍
Fortigate IPS: 🔍

12/12/2007 🔍
07/06/2009 +571 days 🔍
07/06/2009 +0 days 🔍
07/07/2009 +1 days 🔍
07/07/2009 +0 days 🔍
07/07/2009 +0 days 🔍
08/11/2009 +34 days 🔍
08/11/2009 +0 days 🔍
08/11/2009 +0 days 🔍
03/17/2015 +2044 days 🔍
08/12/2021 +2340 days 🔍Vendor: https://www.microsoft.com/
Product: https://www.microsoft.com/en-us/windows

Advisory: us-cert.gov
Researcher: Robert Freeman
Organization: IBM X-Force
Status: Confirmed

CVE: CVE-2008-0020 (🔍)

SecurityFocus: 35585 – Microsoft Active Template Library ‘IPersistStreamInit’ Remote Code Execution Vulnerability
Secunia: 36187
X-Force: 44625
SecurityTracker: 1022712
Vulnerability Center: 22778 – [MS09-037] Microsoft Windows ATL Header Memcopy Remote Memory Corruption Vulnerability, Medium
Vupen: ADV-2009-2232

See also: 🔍

Created: 03/17/2015 23:38
Updated: 08/12/2021 09:15
Changes: (3) source_exploitdb exploit_price_0day vulnerability_cvss2_nvd_basescore
Complete: 🔍


Download it now for free!

Source link