CVE-2008-0015
CISA KEVPublished February 17, 2026 · Updated April 3, 2026
What This Means
## CVE-2008-0015: Windows Video ActiveX Control RCE Microsoft Windows Video ActiveX Control contains an RCE vulnerability triggered when users view a malicious webpage containing a specially crafted object. Successful exploitation executes arbitrary code with the privileges of the logged-in user, enabling credential theft, lateral movement, or system compromise. **Action items:** Patch all Windows systems immediately via Windows Update. Block ActiveX controls in Internet Explorer Group Policy if not required for business operations. Monitor web traffic for suspicious .htm/.html files embedding video ActiveX objects.
Official Description+
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Affected Products
| Vendor | Product |
|---|---|
| Microsoft | Windows |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2008-0015.