Microsoft · Server 2008 · CVE-2009-2499
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows Media Format Runtime versions 9.0 through 11
Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2
**Description**
The issue allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption.
**Recommendations**
For Microsoft Windows Media Format Runtime versions 9.0 through 11, update to a version that is not affected by this issue.
For Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2, apply the necessary patches or updates to resolve the issue.