CVE-2009-2499

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

Published: Sep 9, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2499
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
microsoft / windows_media_format_runtime	9.0	9.0.x
microsoft / windows_2000	--sp4	--sp4.x
microsoft / windows_xp	--sp3	--sp3.x
microsoft / windows_xp	--sp2	--sp2.x
microsoft / windows_media_format_runtime	9.5	9.5.x
microsoft / windows_server_2003	-	-
microsoft / windows_xp	-	-
microsoft / windows_media_format_runtime	11	11.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_vista	-	-
microsoft / windows_vista	--sp1	--sp1.x
microsoft / windows_vista	--sp2	--sp2.x
microsoft / windows_media_services	9.1	9.1.x
microsoft / windows_media_services	2008	2008.x

Vulnerability Database

289,571

CVE-2009-2499