cve-2009-0555
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | Third Party Advisory, US Government Resource | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 | Patch, Vendor Advisory | |
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA09-286A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:6407", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407" }, { "name": "TA09-286A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "name": "MS09-051", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "oval:org.mitre.oval:def:6407", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407" }, { "name": "TA09-286A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "name": "MS09-051", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-0555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:6407", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407" }, { "name": "TA09-286A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "name": "MS09-051", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-0555", "datePublished": "2009-10-14T10:00:00", "dateReserved": "2009-02-12T00:00:00", "dateUpdated": "2024-08-07T04:40:05.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-0555\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-10-14T10:30:00.920\",\"lastModified\":\"2024-11-21T01:00:18.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \\\"Windows Media Runtime Voice Sample Rate Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audio Compression Manager (ACM), no accede correctamente a los ficheros ASF, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de audio manipulado que utiliza el codec Windows Media Speech, tambi\u00e9n conocido como \\\"Vulnerabilidad de Windows Media Runtime Voice Sample Rate\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3778BBD3-6C58-46DF-B1EB-ED02513CA8D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"ABBA5D64-4184-4420-B7D0-A4E41359AA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"BAB70FD5-09F3-4215-99C4-299EDE8D26DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"283F5DF4-B68A-4C1D-822A-1C0EB67C2C35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F8216946-5F76-48B9-91CC-207F657D7D3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"B36BFDA7-596B-45EA-AACE-F8A796CECDBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852BB02-47A1-40B3-8E32-8D8891A53114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"06E7E0F7-AA6F-477C-AAA7-C0419CD2F3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"687E66DB-E5CC-4B13-B9B7-89CC6B49B693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"0161C884-70A5-4AD0-BD80-F0F7B3D8579E\"}]}]}],\"references\":[{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.