cbcvebase.
CVE-2009-2499
published 2009-09-08

CVE-2009-2499: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote…

PriorityP350high8.5CVSS 2.0
AVNACMAuSCCICAC
EPSS
15.55%
96.4th percentile
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

Affected

5 ranges
VendorProductVersion rangeFixed in
microsoftwindows_media_format_runtime
microsoftwindows_media_format_runtime
microsoftwindows_media_format_runtime
microsoftwindows_media_services
microsoftwindows_media_services
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.