Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) |
Informations | |||
---|---|---|---|
Name | MS09-047 | First vendor Publication | 2009-09-08 |
Vendor | Microsoft | Last vendor Modification | 2009-09-16 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (September 16, 2009): Corrected the list of bulletins replaced by the update for Windows Media Format Runtime, under Microsoft Windows 2000, Windows XP, and Windows Server 2003.Summary: This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5531 | |||
Oval ID: | oval:org.mitre.oval:def:5531 | ||
Title: | Windows Media Playback Memory Corruption Vulnerability | ||
Description: | Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2499 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 Windows Media Format Runtime 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6257 | |||
Oval ID: | oval:org.mitre.oval:def:6257 | ||
Title: | Windows Media Header Parsing Invalid Free Vulnerability | ||
Description: | Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2498 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 Windows Media Format Runtime 11 Microsoft Media Services 9.1 Microsoft Media Services 9 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 4 | |
Application | 1 | |
Application | 2 | |
Os | 1 | |
Os | 2 | |
Os | 4 | |
Os |
| 7 |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-09-10 | Name : Microsoft Windows Media Format Remote Code Execution Vulnerability (973812) File : nvt/secpod_ms09-047.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57803 | Microsoft Windows Media MP3 File Handling Memory Corruption |
57802 | Microsoft Windows Media ASF Header Parsing Invalid Free Arbitrary Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-09-10 | IAVM : 2009-A-0076 - Multiple Vulnerabilities in Microsoft Windows Media Format Severity : Category II - VMSKEY : V0019916 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-05 | Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt RuleID : 50893 - Revision : 1 - Type : FILE-MULTIMEDIA |
2019-09-05 | Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt RuleID : 50892 - Revision : 1 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media encryption sample ID header RCE attempt RuleID : 23576 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media encryption sample ID header RCE attempt RuleID : 23575 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media pixel aspect ratio header RCE attempt RuleID : 23574 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media content type header RCE attempt RuleID : 23573 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media file name header RCE attempt RuleID : 23572 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media Timecode header RCE attempt RuleID : 23571 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media sample duration header RCE attempt RuleID : 23570 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media encryption sample ID header RCE attempt RuleID : 19450 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media encryption sample ID header RCE attempt RuleID : 19449 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media pixel aspect ratio header RCE attempt RuleID : 19448 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media content type header RCE attempt RuleID : 19447 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media file name header RCE attempt RuleID : 19446 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media Timecode header RCE attempt RuleID : 19445 - Revision : 13 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media sample duration header RCE attempt RuleID : 19444 - Revision : 12 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media extended stream properties object RCE attempt RuleID : 16338 - Revision : 5 - Type : WEB-CLIENT |
2014-01-10 | Microsoft mp3 malformed APIC header RCE attempt RuleID : 15920 - Revision : 10 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media encryption sample ID header RCE attempt RuleID : 15919 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Windows Media pixel aspect ratio header RCE attempt RuleID : 15918 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Windows Media content type header RCE attempt RuleID : 15917 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Windows Media file name header RCE attempt RuleID : 15916 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Windows Media Timecode header RCE attempt RuleID : 15915 - Revision : 6 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Windows Media sample duration header RCE attempt RuleID : 15914 - Revision : 6 - Type : WEB-CLIENT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-08 | Name : Arbitrary code can be executed on the remote host through opening a Windows M... File : smb_nt_ms09-047.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:19 |
|
2014-01-19 21:30:22 |
|
2013-11-11 12:41:13 |
|