CVE-2008-3009

CVE Database · CVE-2008-3009

CVE-2008-3009

· N/AModified

CVSS v3.1

N/A

EPSS

15.83%

Published

Dec 10, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

Weaknesses (CWE)

CWE-255

Affected Products (53)

microsoft · windows_media_playervulnerable

microsoft · windows_2000

microsoft · windows_server_2003

microsoft · windows_xp

microsoft · windows_media_format_runtimevulnerable

microsoft · windows_2000

microsoft · windows_media_servicesvulnerable