CVE-2009-2498
Summary
| CVE | CVE-2009-2498 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-09-08 22:30:00 UTC |
| Updated | 2023-12-07 18:38:00 UTC |
| Description | Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Media Foundation Sdk | All | All | All | All |
| Application | Microsoft | Media Foundation Sdk | All | All | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | - | sp4 | All | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.0 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | x64 | All |
| Application | Microsoft | Windows Media Format Runtime | 11 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.0 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.5 | All | x64 | All |
| Application | Microsoft | Windows Media Services | 2008 | All | All | All |
| Application | Microsoft | Windows Media Services | 9.1 | All | All | All |
| Application | Microsoft | Windows Media Services | 2008 | All | All | All |
| Application | Microsoft | Windows Media Services | 9.1 | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | - | x32 | All |
| Operating System | Microsoft | Windows Server 2008 | - | - | x64 | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | x64 | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | x86 | All |
| Operating System | Microsoft | Windows Server 2008 | - | - | x32 | All |
| Operating System | Microsoft | Windows Server 2008 | - | - | x64 | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | x64 | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | x86 | All |
| Operating System | Microsoft | Windows Vista | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp2 | All | All |
| Operating System | Microsoft | Windows Vista | All | sp2 | x64 | All |
| Operating System | Microsoft | Windows Vista | - | - | x64 | All |
| Operating System | Microsoft | Windows Vista | - | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp2 | All | All |
| Operating System | Microsoft | Windows Vista | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | All | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp1 | x64 | All |
| Operating System | Microsoft | Windows Vista | All | sp2 | x64 | All |
| Operating System | Microsoft | Windows Vista | - | - | x64 | All |
| Operating System | Microsoft | Windows Vista | - | sp1 | All | All |
| Operating System | Microsoft | Windows Vista | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | professional_x64 | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | professional_x64 | All |
| Operating System | Microsoft | Windows Xp | - | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | - | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Security Bulletin MS09-047 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| US-CERT Technical Cyber Security Alert TA09-251A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.