MS09-047: Windows Media Format Multiple Vulnerabilities (Windows 2000)

Medium Nessus Network Monitor Plugin ID 5163

Synopsis

The remote Windows host is affected by multiple attack vectors.

Description

The remote Windows host contains a version of the Windows Media Format Runtime that is affected by multiple issues:

- The ASF parser has an invalid free vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted ASF file, which could lead to arbitrary code execution. (CVE-2009-2498)

- The MP3 parser has a memory corruption vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted MP3 file, which could lead to arbitrary code execution. (CVE-2009-2499)

Note that this patch is not available for unsupported Service Packs.

Solution

Apply the patches in the Microsoft bulletin.

See Also

http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx

Plugin Details

Severity: Medium

ID: 5163

File Name: 5163.prm

Family: Generic

Published: 2009/09/11

Modified: 2017/02/02

Nessus ID: 40890

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/09/08

Vulnerability Publication Date: 2009/09/08

Reference Information

CVE: CVE-2009-2498, CVE-2009-2499

BID: 36225, 36228

OSVDB: 57802, 57803

IAVA: 2009-A-0076