MS09-047: Windows Media Format Multiple Vulnerabilities (Windows Server 2003)

medium Nessus Network Monitor Plugin ID 5164

Synopsis

The remote Windows host is affected by multiple attack vectors.

Description

The remote Windows host contains a version of the Windows Media Format Runtime that is affected by multiple issues :

- The ASF parser has an invalid free vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted ASF file, which could lead to arbitrary code execution. (CVE-2009-2498)

- The MP3 parser has a memory corruption vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted MP3 file, which could lead to arbitrary code execution. (CVE-2009-2499)

Note that this patch is not available for unsupported Service Packs.

Solution

Apply the patches in the Microsoft bulletin.

See Also

http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx

Plugin Details

Severity: Medium

ID: 5164

Family: Generic

Published: 9/11/2009

Updated: 3/6/2019

Nessus ID: 40890

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:windows_media_format_runtime

Patch Publication Date: 9/8/2009

Vulnerability Publication Date: 9/8/2009

Reference Information

CVE: CVE-2009-2498, CVE-2009-2499

BID: 36225, 36228