Remote Code Execution Vulnerability in Microsoft Windows Media Runtime
CVE-2009-2525

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows Media Format Runtime; Windows Media Player
Vendor: CVE Published:; 14 October 2009

What is CVE-2009-2525?

Microsoft Windows Media Runtime exhibits a vulnerability due to improper initialization of certain functions within compressed audio files. This flaw can be exploited by remote attackers through specially crafted media files or streaming content, enabling them to execute arbitrary code on the target system. To protect against potential exploitation of this vulnerability, users should apply the latest security updates offered by Microsoft.

References

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2009
Vulnerability Reserved
Jul 17, 2009