CVE-2009-2498

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Format Runtime; Windows 2000; Windows Xp
Vendor: CVE Published:; 8 September 2009

Summary

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 17, 2009

Collectors

NVD DatabaseMitre Database