CVE-2009-2525

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
microsoftwindows_2000
*
microsoftwindows_media_format_runtime
9.0
microsoftwindows_media_format_runtime
9.0
microsoftwindows_media_format_runtime
9.5
microsoftwindows_xp
*
microsoftwindows_xp
*
microsoftwindows_xp
*
microsoftwindows_media_format_runtime
9.5
microsoftwindows_server_2003
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
microsoftwindows_vista
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484