PT-2009-4906 · Microsoft · Server 2008+3
Hiroshi Noguchi
·
Published
2009-09-08
·
Updated
2023-12-07
·
CVE-2009-2499
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Media Format Runtime versions 9.0 through 11
Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2
Description
The issue allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption.
Recommendations
For Microsoft Windows Media Format Runtime versions 9.0 through 11, update to a version that is not affected by this issue.
For Microsoft Media Foundation on Windows Vista and Server 2008 versions prior to SP2, apply the necessary patches or updates to resolve the issue.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Media Foundation
Server 2008
Windows Media Format Runtime
Windows Vista