Unrated severityNVD Advisory· Published Jun 12, 2008· Updated Apr 23, 2026

CVE-2008-0011

Description

Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

Affected products

Microsoft/Directx4 versions
cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/30579nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
www.securityfocus.com/bid/29581nvdPatch
www.us-cert.gov/cas/techalerts/TA08-162B.htmlnvdThird Party AdvisoryUS Government Resource
marc.infonvdMailing List
www.vupen.com/english/advisories/2008/1780nvdBroken Link
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.050
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000