CVE-2009-2525
Summary
| CVE | CVE-2009-2525 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-10-14 10:30:01 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Application | Microsoft | Windows Media Format Runtime | 9.0 | All | All | All |
| Application | Microsoft | Windows Media Player | 9 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Technical Cyber Security Alert TA09-286A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Microsoft Security Bulletin MS09-051 - Critical | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.