CVE-2009-2525

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows Media Format Runtime; Windows Media Player
Vendor: CVE Published:; 14 October 2009

Summary

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."

References

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

79% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2009
Vulnerability Reserved
Jul 17, 2009

Collectors

NVD DatabaseMitre Database