CVE-2009-0555

EPSS 31.95%
Veröffentlicht 14.10.2009 10:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows Media Format Runtime Version9.0

Microsoft ≫ Windows Media Player Version9

Microsoft ≫ Windows Media Format Runtime Version9.0

Microsoft ≫ Windows Media Format Runtime Version9.5

Microsoft ≫ Windows Media Format Runtime Version11

Microsoft ≫ Windows Xp Updatesp2

Microsoft ≫ Windows Xp Updatesp2 HwPlatformx64

Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ Windows Media Format Runtime Version9.5

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2003 Version- Updatesp2

Microsoft ≫ Windows Media Format Runtime Version11

Microsoft ≫ Windows Server 2008 HwPlatformx64

Microsoft ≫ Windows Server 2008 HwPlatformx86

Microsoft ≫ Windows Server 2008 Updatesp2 HwPlatformx64

Microsoft ≫ Windows Server 2008 Updatesp2 HwPlatformx86

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista HwPlatformx64

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Updatesp1 HwPlatformx64

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Vista Updatesp2 HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	31.95%	0.967

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

Third Party Advisory

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0555

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0555

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0555

EUVD