CVE-2009-2499: Code Injection in Microsoft Windows Media Format Runtime

CWE-94: Code Injection | 3 documents | 3 sources

Severity: 8.5 HIGH (NVD)
EPSS: 30.7% (top 3.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8; Latest update May 2

Description

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:C

Exploitability: 6.8 | Impact: 10.0

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-3c23-3vh8-88jr: Microsoft Windows Media Format Runtime 9 (2022-05-02)
CVEList: CVE-2009-2499: Microsoft Windows Media Format Runtime 9 (2009-09-08)