Vulnerability-Lookup

CVE-2009-2499 (GCVE-0-2009-2499)

Vulnerability from cvelistv5 – Published: 2009-09-08 22:00 – Updated: 2024-08-07 05:52

Summary

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

Severity

No CVSS data available.

CWE

Assigner

microsoft

References

3 references

URL	Tags
https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-251A.html	third-party-advisoryx_refsource_CERT

Date Public

2009-09-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS09-047",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
          },
          {
            "name": "oval:org.mitre.oval:def:5531",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
          },
          {
            "name": "TA09-251A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS09-047",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
        },
        {
          "name": "oval:org.mitre.oval:def:5531",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
        },
        {
          "name": "TA09-251A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS09-047",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
            },
            {
              "name": "oval:org.mitre.oval:def:5531",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
            },
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2499",
    "datePublished": "2009-09-08T22:00:00.000Z",
    "dateReserved": "2009-07-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:52:14.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-2499",
      "date": "2026-06-20",
      "epss": "0.15546",
      "percentile": "0.96396"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"87AA5126-90FF-40F5-8664-E8260C2C8CF5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\", \"matchCriteriaId\": \"26A548AB-7C40-4CB7-B024-8A2DA947F245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"5BE99796-BADE-40D1-AD85-03D28A466E5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\", \"matchCriteriaId\": \"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3E3CAB6-D1AF-4B13-97E3-0E96D4F32F87\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB686D09-A33F-408E-9083-F988066FCE66\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\", \"matchCriteriaId\": \"26A548AB-7C40-4CB7-B024-8A2DA947F245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"5BE99796-BADE-40D1-AD85-03D28A466E5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\", \"matchCriteriaId\": \"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBC8864-560B-480A-903B-19215000C69D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\", \"matchCriteriaId\": \"26A548AB-7C40-4CB7-B024-8A2DA947F245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"5BE99796-BADE-40D1-AD85-03D28A466E5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\", \"matchCriteriaId\": \"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852BB02-47A1-40B3-8E32-8D8891A53114\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD560746-0AED-4646-934E-6742888FB6F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \\\"Windows Media Playback Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar c\\u00f3digo a su elecci\\u00f3n en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, tambi\\u00e9n llamado \\\"Vulnerabilidad de error de memoria Windows Media Playback.\\\"\"}]",
      "id": "CVE-2009-2499",
      "lastModified": "2024-11-21T01:05:01.490",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:C/I:C/A:C\", \"baseScore\": 8.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.8, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-09-08T22:30:00.437",
      "references": "[{\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2499\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-09-08T22:30:00.437\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \\\"Windows Media Playback Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, tambi\u00e9n llamado \\\"Vulnerabilidad de error de memoria Windows Media Playback.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"87AA5126-90FF-40F5-8664-E8260C2C8CF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\",\"matchCriteriaId\":\"26A548AB-7C40-4CB7-B024-8A2DA947F245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"5BE99796-BADE-40D1-AD85-03D28A466E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E3CAB6-D1AF-4B13-97E3-0E96D4F32F87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A64C69-D182-4BEC-BA8A-7B405F5B2FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB686D09-A33F-408E-9083-F988066FCE66\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\",\"matchCriteriaId\":\"26A548AB-7C40-4CB7-B024-8A2DA947F245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"5BE99796-BADE-40D1-AD85-03D28A466E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBC8864-560B-480A-903B-19215000C69D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*\",\"matchCriteriaId\":\"26A548AB-7C40-4CB7-B024-8A2DA947F245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"5BE99796-BADE-40D1-AD85-03D28A466E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"2C9B0563-D613-497D-8F2E-515E6DA00CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*\",\"matchCriteriaId\":\"BA99C751-91CB-43D4-93FF-1C12342CAF1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD560746-0AED-4646-934E-6742888FB6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A04E39A-623E-45CA-A5FC-25DAA0F275A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-251A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-371

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans Windows Media Format permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans Windows Media Format :

les fichiers au format ASF ne sont pas correctement traités (CVE-2009-2498) ;
les métadonnées des fichiers au format MP3 ne sont pas correctement traitées (CVE-2009-2499).

Ces deux vulnérabilités permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité Microsoft MS09-047 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Vista Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems Service Pack 2.
Microsoft	Windows	Microsoft Windows Vista ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 3 ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

CERTA-2009-AVI-371

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans Windows Media Format permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans Windows Media Format :

les fichiers au format ASF ne sont pas correctement traités (CVE-2009-2498) ;
les métadonnées des fichiers au format MP3 ne sont pas correctement traitées (CVE-2009-2499).

Ces deux vulnérabilités permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité Microsoft MS09-047 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Vista Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems Service Pack 2.
Microsoft	Windows	Microsoft Windows Vista ;
Microsoft	Windows	Microsoft Windows Server 2008 for x64-based Systems ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista x64 Edition ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 for 32-bit Systems ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 2 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 3 ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

FKIE_CVE-2009-2499

Vulnerability from fkie_nvd - Published: 2009-09-08 22:30 - Updated: 2026-06-16 23:09

Severity

Summary

References

URL	Tags
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-251A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531

Impacted products

Vendor	Product	Version
microsoft	windows_media_format_runtime	9.0
microsoft	windows_2000	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_media_format_runtime	9.5
microsoft	windows_server_2003	*
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_media_format_runtime	9.5
microsoft	windows_server_2003	*
microsoft	windows_xp	*
microsoft	windows_media_format_runtime	11
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_media_services	9.1
microsoft	windows_server_2003	*
microsoft	windows_server_2003	*
microsoft	windows_media_services	2008
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_media_foundation	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	-
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_vista	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DEC28F-EB69-4B28-AAE9-674DE2C994E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*",
              "matchCriteriaId": "87AA5126-90FF-40F5-8664-E8260C2C8CF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
              "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E3CAB6-D1AF-4B13-97E3-0E96D4F32F87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB686D09-A33F-408E-9083-F988066FCE66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
              "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBC8864-560B-480A-903B-19215000C69D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
              "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*",
              "matchCriteriaId": "CD560746-0AED-4646-934E-6742888FB6F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, tambi\u00e9n llamado \"Vulnerabilidad de error de memoria Windows Media Playback.\""
    }
  ],
  "id": "CVE-2009-2499",
  "lastModified": "2026-06-16T23:09:35.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-09-08T22:30:00.437",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3C23-3VH8-88JR

Vulnerability from github – Published: 2022-05-02 03:35 – Updated: 2022-05-02 03:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2499"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-08T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\"",
  "id": "GHSA-3c23-3vh8-88jr",
  "modified": "2022-05-02T03:35:50Z",
  "published": "2022-05-02T03:35:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2499"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-2499

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2499

Aliases

CVE-2009-2499

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2499",
    "description": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\"",
    "id": "GSD-2009-2499"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2499"
      ],
      "details": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\"",
      "id": "GSD-2009-2499",
      "modified": "2023-12-13T01:19:46.662591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-2499",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS09-047",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
          },
          {
            "name": "oval:org.mitre.oval:def:5531",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
          },
          {
            "name": "TA09-251A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2499"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-251A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5531",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"
            },
            {
              "name": "MS09-047",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2009-09-08T22:30Z"
    }
  }
}

JVNDB-2009-000059

Vulnerability from jvndb - Published: 2009-09-09 17:30 - Updated:2009-09-09 17:30

Severity

N/A (UNKNOWN) - -

Summary

Buffer overflow vulnerability in Microsoft Windows

Details

Microsoft Windows contains a buffer overflow vulnerability. Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009. Hiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN62211338/index.html
	JVNTR	https://jvn.jp/en/tr/JVNTR-2009-22/
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2498
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2499
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/200909_windows_en.html
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA09-251A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA09-251A.html
	SECUNIA	http://secunia.com/advisories/36596
	BID	http://www.securityfocus.com/bid/36225
	BID	http://www.securityfocus.com/bid/36228
	VUPEN	http://www.vupen.com/english/advisories/2009/2566
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Microsoft Corporation	Microsoft Windows 2000
	Microsoft Corporation	Microsoft Windows Server 2003
	Microsoft Corporation	Microsoft Windows Server 2008
	Microsoft Corporation	Microsoft Windows Vista
	Microsoft Corporation	Microsoft Windows XP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000059.html",
  "dc:date": "2009-09-09T17:30+09:00",
  "dcterms:issued": "2009-09-09T17:30+09:00",
  "dcterms:modified": "2009-09-09T17:30+09:00",
  "description": "Microsoft Windows contains a buffer overflow vulnerability.\r\n\r\nWindows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files.\r\n\r\nThe security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009.\r\n\r\nHiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000059.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:microsoft:windows_2000",
      "@product": "Microsoft Windows 2000",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2003",
      "@product": "Microsoft Windows Server 2003",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2008",
      "@product": "Microsoft Windows Server 2008",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_vista",
      "@product": "Microsoft Windows Vista",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_xp",
      "@product": "Microsoft Windows XP",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000059",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN62211338/index.html",
      "@id": "JVN#62211338",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/JVNTR-2009-22/",
      "@id": "JVNTR-2009-22",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2498",
      "@id": "CVE-2009-2498",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2499",
      "@id": "CVE-2009-2499",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498",
      "@id": "CVE-2009-2498",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499",
      "@id": "CVE-2009-2499",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/english/vuln/200909_windows_en.html",
      "@id": "Security Alert for Vulnerability in Microsoft Windows",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA09-251A.html",
      "@id": "SA09-251A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html",
      "@id": "TA09-251A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/36596",
      "@id": "SA36596",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/36225",
      "@id": "36225",
      "@source": "BID"
    },
    {
      "#text": "http://www.securityfocus.com/bid/36228",
      "@id": "36228",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/2566",
      "@id": "VUPEN/ADV-2009-2566",
      "@source": "VUPEN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "Buffer overflow vulnerability in Microsoft Windows"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2499 (GCVE-0-2009-2499)

CERTA-2009-AVI-371

Description

Solution

CERTA-2009-AVI-371

Description

Solution

FKIE_CVE-2009-2499

GHSA-3C23-3VH8-88JR

GSD-2009-2499

JVNDB-2009-000059

Tags

Sightings

Nomenclature