MS09-051: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
High Nessus Plugin ID 42107
SynopsisArbitrary code can be executed on the remote host through opening a Windows Media Format file.
DescriptionThe remote Windows host contains a version of the Windows Media Runtime that is affected by multiple vulnerabilities :
- The ASF parser incorrectly parses files which make use of the Window Media Speech codec. A remote attacker can exploit this by tricking a user into opening a specially crafted ASF file, which can lead to arbitrary code execution. (CVE-2009-0555)
- The Audio Compression Manager does not properly initialize certain functions in compressed audio files. A remote attacker can exploit this by tricking a user into opening a specially crafted media file, which can lead to arbitrary code execution. (CVE-2009-2525)
SolutionMicrosoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.