CVE-2009-0555

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
microsoftwindows_2000
*
microsoftwindows_media_format_runtime
9.0
microsoftwindows_media_format_runtime
9.0
microsoftwindows_media_format_runtime
9.5
microsoftwindows_xp
*
microsoftwindows_xp
*
microsoftwindows_xp
*
microsoftwindows_media_format_runtime
9.5
microsoftwindows_server_2003
*
microsoftwindows_server_2003
-
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407