CVE-2009-2499 - Vulnerability Details

Vendors	Products
Microsoft	Windows 2000 Windows Media Format Runtime Windows Media Foundation Windows Media Services Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS09-047", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"}, {"name": "oval:org.mitre.oval:def:5531", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"}, {"name": "TA09-251A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2009-2499", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS09-047", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"}, {"name": "oval:org.mitre.oval:def:5531", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"}, {"name": "TA09-251A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:14.645Z"}, "title": "CVE Program Container", "references": [{"name": "MS09-047", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"}, {"name": "oval:org.mitre.oval:def:5531", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"}, {"name": "TA09-251A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2009-2499", "datePublished": "2009-09-08T22:00:00", "dateReserved": "2009-07-17T00:00:00", "dateUpdated": "2024-08-07T05:52:14.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2009-09-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-12T19:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

name : MS09-047 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 (string)

}

1 : { »

name : oval:org.mitre.oval:def:5531 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 (string)

}

2 : { »

name : TA09-251A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2009-2499 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : MS09-047 (string)

refsource : MS (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 (string)

}

1 : { »

name : oval:org.mitre.oval:def:5531 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 (string)

}

2 : { »

name : TA09-251A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T05:52:14.645Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : MS09-047 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

2 : x_transferred (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 (string)

}

1 : { »

name : oval:org.mitre.oval:def:5531 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 (string)

}

2 : { »

name : TA09-251A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2009-2499 (string)

datePublished : 2009-09-08T22:00:00 (string)

dateReserved : 2009-07-17T00:00:00 (string)

dateUpdated : 2024-08-07T05:52:14.645Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7DEC28F-EB69-4B28-AAE9-674DE2C994E7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*", "matchCriteriaId": "87AA5126-90FF-40F5-8664-E8260C2C8CF5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*", "matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*", "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*", "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3E3CAB6-D1AF-4B13-97E3-0E96D4F32F87", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*", "matchCriteriaId": "DB686D09-A33F-408E-9083-F988066FCE66", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*", "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*", "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BBC8864-560B-480A-903B-19215000C69D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*", "matchCriteriaId": "26A548AB-7C40-4CB7-B024-8A2DA947F245", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*", "matchCriteriaId": "5BE99796-BADE-40D1-AD85-03D28A466E5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*", "matchCriteriaId": "CD560746-0AED-4646-934E-6742888FB6F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka \"Windows Media Playback Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, tambi\u00e9n llamado \"Vulnerabilidad de error de memoria Windows Media Playback.\""}], "id": "CVE-2009-2499", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-09-08T22:30:00.437", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E7DEC28F-EB69-4B28-AAE9-674DE2C994E7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* (string)

matchCriteriaId : CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 4D3B5E4F-56A6-4696-BBB4-19DF3613D020 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* (string)

matchCriteriaId : 1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:* (string)

matchCriteriaId : 87AA5126-90FF-40F5-8664-E8260C2C8CF5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 4D3B5E4F-56A6-4696-BBB4-19DF3613D020 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* (string)

matchCriteriaId : 1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:* (string)

matchCriteriaId : 26A548AB-7C40-4CB7-B024-8A2DA947F245 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:* (string)

matchCriteriaId : 5BE99796-BADE-40D1-AD85-03D28A466E5F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:* (string)

matchCriteriaId : 2C9B0563-D613-497D-8F2E-515E6DA00CA5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:* (string)

matchCriteriaId : BA99C751-91CB-43D4-93FF-1C12342CAF1E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3852BB02-47A1-40B3-8E32-8D8891A53114 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:* (string)

matchCriteriaId : 1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : C162FFF0-1E8F-4DCF-A08F-6C6E324ED878 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 0A0D2704-C058-420B-B368-372D1129E914 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 3A04E39A-623E-45CA-A5FC-25DAA0F275A3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : BF1AD1A1-EE20-4BCE-9EE6-84B27139811C (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* (string)

matchCriteriaId : 1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A3E3CAB6-D1AF-4B13-97E3-0E96D4F32F87 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 31A64C69-D182-4BEC-BA8A-7B405F5B2FC0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 4D3B5E4F-56A6-4696-BBB4-19DF3613D020 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:* (string)

matchCriteriaId : DB686D09-A33F-408E-9083-F988066FCE66 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:* (string)

matchCriteriaId : 26A548AB-7C40-4CB7-B024-8A2DA947F245 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:* (string)

matchCriteriaId : 5BE99796-BADE-40D1-AD85-03D28A466E5F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:* (string)

matchCriteriaId : 2C9B0563-D613-497D-8F2E-515E6DA00CA5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:* (string)

matchCriteriaId : BA99C751-91CB-43D4-93FF-1C12342CAF1E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8BBC8864-560B-480A-903B-19215000C69D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:* (string)

matchCriteriaId : 26A548AB-7C40-4CB7-B024-8A2DA947F245 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:* (string)

matchCriteriaId : 5BE99796-BADE-40D1-AD85-03D28A466E5F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:* (string)

matchCriteriaId : 2C9B0563-D613-497D-8F2E-515E6DA00CA5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:* (string)

matchCriteriaId : BA99C751-91CB-43D4-93FF-1C12342CAF1E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3852BB02-47A1-40B3-8E32-8D8891A53114 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* (string)

matchCriteriaId : C162FFF0-1E8F-4DCF-A08F-6C6E324ED878 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 0A0D2704-C058-420B-B368-372D1129E914 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:* (string)

matchCriteriaId : CD560746-0AED-4646-934E-6742888FB6F2 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 3A04E39A-623E-45CA-A5FC-25DAA0F275A3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : BF1AD1A1-EE20-4BCE-9EE6-84B27139811C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability." (string)

}

1 : { »

lang : es (string)

value : Microsoft Windows Media Format Runtime v9.0, v9.5, y v11; y Microsoft Media Foundation en Windows Vista Gold, SP1, y SP2 y Server 2008; permite a atacantes remotos ejecutar código a su elección en un fichero MP3 con metadatos manipulados que desembocan en un error de memoria, también llamado "Vulnerabilidad de error de memoria Windows Media Playback." (string)

}

]

id : CVE-2009-2499 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 8.5 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2009-09-08T22:30:00.437 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html (string)

}

1 : { »

source : secure@microsoft.com (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 (string)

}

2 : { »

source : secure@microsoft.com (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object