CVE-2009-0555 - Vulnerability Details

Vendors	Products
Microsoft	Windows 2000 Windows Media Format Runtime Windows Media Player Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:6407", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"}, {"name": "TA09-286A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"name": "MS09-051", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-0555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:6407", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"}, {"name": "TA09-286A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"name": "MS09-051", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.072Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:6407", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"}, {"name": "TA09-286A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"name": "MS09-051", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-0555", "datePublished": "2009-10-14T10:00:00", "dateReserved": "2009-02-12T00:00:00", "dateUpdated": "2024-08-07T04:40:05.072Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2009-10-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-12T19:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

name : oval:org.mitre.oval:def:6407 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 (string)

}

1 : { »

name : TA09-286A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-286A.html (string)

}

2 : { »

name : MS09-051 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2009-0555 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : oval:org.mitre.oval:def:6407 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 (string)

}

1 : { »

name : TA09-286A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA09-286A.html (string)

}

2 : { »

name : MS09-051 (string)

refsource : MS (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T04:40:05.072Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : oval:org.mitre.oval:def:6407 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 (string)

}

1 : { »

name : TA09-286A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-286A.html (string)

}

2 : { »

name : MS09-051 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

2 : x_transferred (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2009-0555 (string)

datePublished : 2009-10-14T10:00:00 (string)

dateReserved : 2009-02-12T00:00:00 (string)

dateUpdated : 2024-08-07T04:40:05.072Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7DEC28F-EB69-4B28-AAE9-674DE2C994E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*", "matchCriteriaId": "3778BBD3-6C58-46DF-B1EB-ED02513CA8D6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7DEC28F-EB69-4B28-AAE9-674DE2C994E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*", "matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "ABBA5D64-4184-4420-B7D0-A4E41359AA5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*", "matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*", "matchCriteriaId": "BAB70FD5-09F3-4215-99C4-299EDE8D26DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x86:*", "matchCriteriaId": "283F5DF4-B68A-4C1D-822A-1C0EB67C2C35", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "F8216946-5F76-48B9-91CC-207F657D7D3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:*", "matchCriteriaId": "B36BFDA7-596B-45EA-AACE-F8A796CECDBB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*", "matchCriteriaId": "06E7E0F7-AA6F-477C-AAA7-C0419CD2F3BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*", "matchCriteriaId": "687E66DB-E5CC-4B13-B9B7-89CC6B49B693", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "0161C884-70A5-4AD0-BD80-F0F7B3D8579E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\""}, {"lang": "es", "value": "Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audio Compression Manager (ACM), no accede correctamente a los ficheros ASF, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de audio manipulado que utiliza el codec Windows Media Speech, tambi\u00e9n conocido como \"Vulnerabilidad de Windows Media Runtime Voice Sample Rate\"."}], "id": "CVE-2009-0555", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-10-14T10:30:00.920", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* (string)

matchCriteriaId : 83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E7DEC28F-EB69-4B28-AAE9-674DE2C994E7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:* (string)

matchCriteriaId : 3778BBD3-6C58-46DF-B1EB-ED02513CA8D6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E7DEC28F-EB69-4B28-AAE9-674DE2C994E7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 9B339C33-8896-4896-88FF-88E74FDBC543 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:* (string)

matchCriteriaId : ABBA5D64-4184-4420-B7D0-A4E41359AA5A (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* (string)

matchCriteriaId : CE477A73-4EE4-41E9-8694-5A3D5DC88656 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 4D3B5E4F-56A6-4696-BBB4-19DF3613D020 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 1D929AA2-EE0B-4AA1-805D-69BCCA11B77F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* (string)

matchCriteriaId : BAB70FD5-09F3-4215-99C4-299EDE8D26DB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x86:* (string)

matchCriteriaId : 283F5DF4-B68A-4C1D-822A-1C0EB67C2C35 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* (string)

matchCriteriaId : F8216946-5F76-48B9-91CC-207F657D7D3C (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:* (string)

matchCriteriaId : B36BFDA7-596B-45EA-AACE-F8A796CECDBB (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3852BB02-47A1-40B3-8E32-8D8891A53114 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:* (string)

matchCriteriaId : 06E7E0F7-AA6F-477C-AAA7-C0419CD2F3BC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : C162FFF0-1E8F-4DCF-A08F-6C6E324ED878 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:* (string)

matchCriteriaId : 687E66DB-E5CC-4B13-B9B7-89CC6B49B693 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 0A0D2704-C058-420B-B368-372D1129E914 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* (string)

matchCriteriaId : 0161C884-70A5-4AD0-BD80-F0F7B3D8579E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." (string)

}

1 : { »

lang : es (string)

value : Microsoft Windows Media Runtime, como se utiliza en DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, y Audio Compression Manager (ACM), no accede correctamente a los ficheros ASF, lo que permite a atacantes remotos ejecutar código arbitrario a través de un fichero de audio manipulado que utiliza el codec Windows Media Speech, también conocido como "Vulnerabilidad de Windows Media Runtime Voice Sample Rate". (string)

}

]

id : CVE-2009-0555 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2009-10-14T10:30:00.920 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-286A.html (string)

}

1 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 (string)

}

2 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-286A.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object