Memory Corruption Vulnerability in Microsoft Windows Media Format Runtime
CVE-2009-2499

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Format Runtime; Windows 2000; Windows Xp
Vendor: CVE Published:; 8 September 2009

What is CVE-2009-2499?

The Windows Media Playback Memory Corruption Vulnerability enables remote attackers to execute arbitrary code by sending specially crafted MP3 files with malicious metadata. When the affected Microsoft products attempt to parse these files, they can encounter memory corruption issues, giving attackers the opportunity to run their malicious code on the victim's system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

third-party-advisoryx_refsource_CERT

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 17, 2009