Microsoft Windows Media Runtime multiple security vulnerabilities

[EN] securityvulns.ru
no-pyccku

Microsoft Windows Media Runtime multiple security vulnerabilities
updated since 13.10.2009
Published: 14.10.2009
Source: MICROSOFT
SecurityVulns ID: 10311
Type: library
Level: 6/10
Description: Buffer overflows, memory corruptions.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Vista
MICROSOFT : Windows 2008 Server
CVE: CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability.")
CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability.")

Original document ifsecure_(at)_gmail.com, Windows Media Audio Voice remote code execution (14.10.2009)

ZDI, ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability (14.10.2009)

MICROSOFT, Microsoft Security Bulletin MS09-051 - Critical Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (13.10.2009)

Files: Microsoft Security Bulletin MS09-051 - Critical Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
Discuss: Read or add your comments to this news (0 comments)