CVE-2009-2498

EPSS 36.52%
Published 08.09.2009 22:30:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Media Format Runtime Version9.0

Microsoft ≫ Windows 2000 Version- Updatesp4

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Windows Media Format Runtime Version9.5

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Windows Media Format Runtime Version9.5 Editionx64

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Media Format Runtime Version11

Microsoft ≫ Windows Server 2008 Version- Update- Editionx32

Microsoft ≫ Windows Server 2008 Version- Update- Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Editionx64

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Vista Version- Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Version- Updatesp2

Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Windows Media Services Version9.1

Microsoft ≫ Windows Server 2003

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Media Services Version2008

Microsoft ≫ Windows Server 2008 Version- Update- Editionx32

Microsoft ≫ Windows Server 2008 Version- Update- Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86

Microsoft ≫ Media Foundation Sdk

Microsoft ≫ Windows Server 2008 Version- Update- Editionx32

Microsoft ≫ Windows Server 2008 Version- Update- Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Vista Updatesp1

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Vista Version- Update- Editionx64

Microsoft ≫ Windows Vista Version- Updatesp1

Microsoft ≫ Windows Vista Version- Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	36.52%	0.97

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6257

https://nvd.nist.gov/vuln/detail/CVE-2009-2498

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2498

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2498

EUVD