AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2008-0015: Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 16, 2026CVE-2008-0015

Summary

Microsoft Windows Video ActiveX Control (a reusable software component for video handling) contains a remote code execution vulnerability (a flaw that lets attackers run commands on a victim's computer without permission). An attacker can exploit this by tricking a user into viewing a malicious webpage, which could then execute code with the same permissions as the logged-in user. This vulnerability is currently being exploited by attackers in the wild.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 80.6%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Original source: https://nvd.nist.gov/vuln/detail/CVE-2008-0015

First tracked: February 17, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 95%