Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MS09-047: Windows Media Format Multiple Vulnerabilities (Windows XP 32-bit)

Medium

Synopsis

The remote Windows host is affected by multiple attack vectors.

Description

The remote Windows host contains a version of the Windows Media Format Runtime that is affected by multiple issues :

- The ASF parser has an invalid free vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted ASF file, which could lead to arbitrary code execution. (CVE-2009-2498)

- The MP3 parser has a memory corruption vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted MP3 file, which could lead to arbitrary code execution. (CVE-2009-2499)

Note that this patch is not available for unsupported Service Packs.

Solution

Apply the patches in the Microsoft bulletin.