Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2009-2498
HistorySep 08, 2009 - 10:30 p.m.

CVE-2009-2498

2009-09-0822:30:00
CWE-94
microsoft
web.nvd.nist.gov
58
cve-2009-2498
microsoft
windows
media format
runtime
windows media services
vulnerability
asf
malformed headers
remote execution
arbitrary code
file parsing

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.731

Percentile

98.2%

JSON

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka β€œWindows Media Header Parsing Invalid Free Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_media_format_runtimeMatch9.0
AND
microsoftwindows_2000Match-sp4
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3
Node
microsoftwindows_media_format_runtimeMatch9.5
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpsp2professional_x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3
Node
microsoftwindows_media_format_runtimeMatch9.5x64
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpsp2professional_x64
Node
microsoftwindows_media_format_runtimeMatch11
AND
microsoftwindows_server_2008Match--x32
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match-sp2x64
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpsp2professional_x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3
Node
microsoftwindows_media_servicesMatch9.1
AND
microsoftwindows_server_2003
OR
microsoftwindows_server_2003sp2
Node
microsoftwindows_media_servicesMatch2008
AND
microsoftwindows_server_2008Match--x32
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match-sp2x64
OR
microsoftwindows_server_2008Match-sp2x86
Node
microsoftmedia_foundation_sdk
AND
microsoftwindows_server_2008Match--x32
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match-sp2x64
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_vista
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch--x64
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
VendorProductVersionCPE
microsoftwindows_media_format_runtime9.0cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*
microsoftwindows_2000-cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
microsoftwindows_media_format_runtime9.5cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
microsoftwindows_media_format_runtime9.5cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
microsoftwindows_media_format_runtime11cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
Rows per page:
1-10 of 241

Related

seebug 1
prion 1
nvd 1
checkpoint_advisories 2
cvelist 1
nessus 6
securityvulns 2
openvas 2
jvn 1
seebug
seebug
Microsoft Windows Media FormatθΏθ‘Œζ—ΆεΊ“ASFε€΄ζ— ζ•ˆι‡Šζ”Ύε†…ε­˜η ΄εζΌζ΄žοΌˆMS09-047οΌ‰
2009-09-11 00:00:00
prion
prion
Design/Logic Flaw
2009-09-08 22:30:00
nvd
nvd
CVE-2009-2498
2009-09-08 22:30:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows ASF File Media Header Parsing Code Execution - Ver2 (CVE-2009-2498)
2014-03-03 00:00:00
Microsoft Windows ASF File Media Header Parsing Code Execution (MS09-047; CVE-2009-2498)
2009-09-08 00:00:00
cvelist
cvelist
CVE-2009-2498
2009-09-08 22:00:00
nessus
nessus
MS09-047: Windows Media Format Multiple Vulnerabilities (Windows Vista / Server 2008)
2009-09-11 00:00:00
MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
2009-09-08 00:00:00
MS09-047: Windows Media Format Multiple Vulnerabilities (Windows XP 32-bit)
2009-09-11 00:00:00
securityvulns
securityvulns
Microsoft Windows Media formats security vulnerabilities
2009-09-09 00:00:00
Microsoft Security Bulletin MS09-047 - Critical Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
2009-09-09 00:00:00
openvas
openvas
Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
2009-09-10 00:00:00
Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
2009-09-10 00:00:00
jvn
jvn
JVN#62211338 Buffer overflow vulnerability in Microsoft Windows
2009-09-09 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.731

Percentile

98.2%

JSON
Related for CVE-2009-2498
seebug1prion1nvd1checkpoint_advisories2cvelist1nessus6securityvulns2openvas2jvn1