Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
Conclusion & alert: CVE-2008-3010 is rated High Risk (79.2/100): CVSS Critical severity, with high exploitation likelihood (EPSS 52.28%, 98th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +10.39% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-12-28 | 41.88% | 52.28% | +10.39% |
| 2 | 2025-12-27 | 52.28% | 41.88% | -10.39% |
| 3 | 2025-10-28 | — | 52.28% | — |
Full EPSS history (23 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 10.0 | 2.0 | HIGH |
|
10.0 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| microsoft | windows_media_player | 6.4 | cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:* |