CVE-2008-0015

KEV EPSS 81.58% · P99 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-0015

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft DirectShow MPEG2TuneRequest 组件栈溢出漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows是微软发布的非常流行的操作系统，DirectShow用于在Windows操作系统中处理流媒体。 DirectShow(msvidctl.dll)的BDATuningModelMPEG2TuneRequest视频组件中存在栈溢出漏洞。此漏洞可以通过IE浏览器远程利用，如果用户受骗访问了恶意网页并打开读取MPEG-2文件的话，就可能触发这个溢出，导致执行任意指令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-0015

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-0015

请登录查看更多情报信息。

http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799x_refsource_MISC
http://www.microsoft.com/technet/security/advisory/972890.mspxx_refsource_CONFIRM
http://isc.sans.org/diary.html?storyid=6733x_refsource_MISC
http://www.securityfocus.com/bid/35585vdb-entryx_refsource_BID
http://secunia.com/advisories/36187third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/55651vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/35558vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1022514vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisoryx_refsource_CERT
http://www.us-cert.gov/cas/techalerts/TA09-187A.htmlthird-party-advisoryx_refsource_CERT
http://www.kb.cert.org/vuls/id/180513third-party-advisoryx_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlthird-party-advisoryx_refsource_CERT
http://www.vupen.com/english/advisories/2009/2232vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363vdb-entrysignaturex_refsource_OVAL
http://www.iss.net/threats/329.htmlthird-party-advisoryx_refsource_ISS
https://nvd.nist.gov/vuln/detail/CVE-2008-0015

Same Patch Batch · n/a · 2009-07-07 · 27 CVEs total

CVE-2009-2341		Shalwan Opial index.php SQL注入漏洞
CVE-2009-2338		FreeWebshop startmodules.inc.php 本地权限限制漏洞
CVE-2009-2337		w3bcms Guestbook Module 'index.inc.php' SQL注入漏洞
CVE-2008-6853		NetCat 'modules/poll/index.php' SQL注入漏洞
CVE-2008-6852		Joomla! Ice Gallery Component 'index.php' SQL注入漏洞
CVE-2008-6851		PHP Link Directory 'page.php' SQL注入漏洞
CVE-2008-6850		PHP-Fusion 'messages.php'跨站脚本漏洞
CVE-2008-6849		W2B phpGreetCards 'index.php' 任意文件上传漏洞
CVE-2008-6848		W2B phpGreetCards 'index.php' 跨站脚本漏洞
CVE-2009-2345		ClanSphere gbook module 多个SQL注入漏洞
CVE-2009-2344		Sourcefire 3D Sensor和Defense Center user.cgi权限提升漏洞
CVE-2009-2343		Zoph 'people.php' 跨站脚本漏洞
CVE-2009-2342		Content Management Made Easy admin.php跨站脚本攻击漏洞
CVE-2008-0020		Microsoft DirectShow IPersistStreamInit 组件栈溢出漏洞
CVE-2009-2340		Opial damin/index.php SQL注入漏洞
CVE-2009-2339		rentventory index.php SQL注入漏洞
CVE-2009-2359		Yasinkaplan TekRADIUS SQL注入漏洞
CVE-2009-2358		Yasinkaplan TekRADIUS安全权限漏洞
CVE-2009-2357		Yasinkaplan TekRADIUS RADIUS安全权限漏洞
CVE-2009-2356		NullLogic Groupware pgSQLQuery函数缓冲区溢出安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-0015

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2008-0015

I. Basic Information for CVE-2008-0015

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2008-0015

III. Intelligence Information for CVE-2008-0015

Same Patch Batch · n/a · 2009-07-07 · 27 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2008-0015

Leave a comment