Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Media Runtime multiple security vulnerabilities
updated since 13.10.2009
Published:14.10.2009
Source:
SecurityVulns ID:10311
Type:library
Threat Level:
6/10
Description:Buffer overflows, memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability.")
 CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability.")
Original documentdocumentifsecure_(at)_gmail.com, Windows Media Audio Voice remote code execution (14.10.2009)
 documentZDI, ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability (14.10.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-051 - Critical Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (13.10.2009)
Files:Microsoft Security Bulletin MS09-051 - Critical Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod