PT-2009-4906 · Microsoft · Server 2008+3

Hiroshi Noguchi

Publicado

2009-09-08

Atualizado

2023-12-07

CVE-2009-2499

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows Media Format Runtime versions 9.0 through 11 Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2

Description The issue allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption.

Recommendations For Microsoft Windows Media Format Runtime versions 9.0 through 11, update to a version that is not affected by this issue. For Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2, apply the necessary patches or updates to resolve the issue.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-2499

Produtos afetados

Media Foundation

Server 2008

Windows Media Format Runtime

Windows Vista

PT-2009-4906 · Microsoft · Server 2008+3

CVE-2009-2499

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4