icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MS09-047: Vulnerabilities in Windows Media Format (Windows Vista / Server 2008)

Medium

Synopsis

The remote Windows host is affected by multiple attack vectors.

Description

The remote Windows host contains a version of the Windows Media Format Runtime that is affected by multiple issues :

- The ASF parser has an invalid free vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted ASF file, which could lead to arbitrary code execution. (CVE-2009-2498)

- The MP3 parser has a memory corruption vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted MP3 file, which could lead to arbitrary code execution. (CVE-2009-2499)

Solution

Apply the patches in the Microsoft bulletin.