Release DateOct 16, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a code execution vulnerability in Windows Media Player.The vulnerability is caused by an error that occurs when the vulnerable software handles a malformed ASF file. A remote attacker could exploit this vulnerability to execute arbitrary code by sending a specially crafted audio file. |
Affected ProductsDirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Microsoft Windows 2000 Service Pack 4DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Service Pack 2 and Windows XP Service Pack 3 DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Professional x64 Edition Service Pack 2 DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 Service Pack 2 DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 x64 Edition Service Pack 2 Windows Media Audio Voice Decoder on Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 Windows Media Audio Voice Decoder on Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Media Audio Voice Decoder on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 |
Recommended ActionsRefer to the vendor's web site for suggested workaround.http://www.microsoft.com/technet/security/Bulletin/ms09-051.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2525CVE-2009-0555 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/ms09-051.mspx (MS-ID) |
