CVE-2009-2525

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

History

21 Nov 2024, 01:05

Type Values Removed Values Added
References () http://www.us-cert.gov/cas/techalerts/TA09-286A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-286A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*

Information

Published : 2009-10-14 10:30

Updated : 2024-11-21 01:05


NVD link : CVE-2009-2525

Mitre link : CVE-2009-2525

CVE.ORG link : CVE-2009-2525


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_media_player
  • windows_xp
  • windows_2000
  • windows_server_2003
  • windows_media_format_runtime
  • windows_server_2008
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')