Remote Code Execution Vulnerability in Microsoft Windows Media Services and Runtime
CVE-2009-2498

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Format Runtime; Windows 2000; Windows Xp
Vendor: CVE Published:; 8 September 2009

Summary

The vulnerability in Microsoft Windows Media Format Runtime and Windows Media Services arises from improper parsing of malformed headers in Advanced Systems Format (ASF) files. This flaw can be exploited by attackers who craft malicious .asf, .wmv, or .wma files. Successful exploitation allows them to execute arbitrary code on systems utilizing these affected products, posing significant security risks. Regular updates and proper filtering of media files are recommended to mitigate potential threats.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 17, 2009