This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through opening a
Windows Media Format file.
The remote Windows host contains a version of the Windows Media Runtime
that is affected by multiple vulnerabilities :
- The ASF parser incorrectly parses files which make use
of the Window Media Speech codec. A remote attacker can
exploit this by tricking a user into opening a specially
crafted ASF file, which can lead to arbitrary code
- The Audio Compression Manager does not properly initialize
certain functions in compressed audio files. A remote
attacker can exploit this by tricking a user into opening
a specially crafted media file, which can lead to
arbitrary code execution. (CVE-2009-2525)
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true