CVE-2008-0951

CVSS 9.3 - HIGH
Description

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.

Affected Products
5
Vendor Product Version
microsoft windows_vista All versions
microsoft windows_vista All versions
microsoft windows_vista All versions
microsoft windows_vista All versions
microsoft windows_vista All versions
References
http://secunia.com/advisories/29458
http://www.kb.cert.org/vuls/id/889747
http://www.securityfocus.com/bid/28360
http://www.securitytracker.com/id?1020446
http://www.vupen.com/english/advisories/2008/0954/...
https://docs.microsoft.com/en-us/security-updates/...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://secunia.com/advisories/29458
http://www.kb.cert.org/vuls/id/889747
http://www.securityfocus.com/bid/28360
http://www.securitytracker.com/id?1020446
http://www.vupen.com/english/advisories/2008/0954/...
https://docs.microsoft.com/en-us/security-updates/...
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-94
CVE Information
CVE ID:
CVE-2008-0951
Published:
2008-03-24
Modified:
2026-04-23
CVSS Score:
9.3
Severity:
HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Vendors
microsoft
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL