{"api_version":"1","generated_at":"2026-05-13T10:06:30+00:00","cve":"CVE-2009-0555","urls":{"html":"https://cve.report/CVE-2009-0555","api":"https://cve.report/api/cve/CVE-2009-0555.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0555","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0555"},"summary":{"title":"CVE-2009-0555","description":"Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2009-10-14 10:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-94","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.us-cert.gov/cas/techalerts/TA09-286A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-286A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-286A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS09-051 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0555","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0555","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"555","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_2000","cpe6":"*","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"555","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"windows_media_format_runtime","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"555","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"windows_media_player","cpe6":"9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:40:05.072Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"oval:org.mitre.oval:def:6407","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"},{"name":"TA09-286A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-286A.html"},{"name":"MS09-051","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-10-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"oval:org.mitre.oval:def:6407","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"},{"name":"TA09-286A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-286A.html"},{"name":"MS09-051","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2009-0555","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"oval:org.mitre.oval:def:6407","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6407"},{"name":"TA09-286A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-286A.html"},{"name":"MS09-051","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2009-0555","datePublished":"2009-10-14T10:00:00.000Z","dateReserved":"2009-02-12T00:00:00.000Z","dateUpdated":"2024-08-07T04:40:05.072Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-10-14 10:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-94","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*","matchCriteriaId":"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*","matchCriteriaId":"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*","matchCriteriaId":"3778BBD3-6C58-46DF-B1EB-ED02513CA8D6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*","matchCriteriaId":"E7DEC28F-EB69-4B28-AAE9-674DE2C994E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*","matchCriteriaId":"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*","matchCriteriaId":"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*","matchCriteriaId":"9B339C33-8896-4896-88FF-88E74FDBC543"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*","matchCriteriaId":"ABBA5D64-4184-4420-B7D0-A4E41359AA5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*","matchCriteriaId":"CE477A73-4EE4-41E9-8694-5A3D5DC88656"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*","matchCriteriaId":"F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*","matchCriteriaId":"4D3B5E4F-56A6-4696-BBB4-19DF3613D020"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*","matchCriteriaId":"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*","matchCriteriaId":"61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*","matchCriteriaId":"BAB70FD5-09F3-4215-99C4-299EDE8D26DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x86:*","matchCriteriaId":"283F5DF4-B68A-4C1D-822A-1C0EB67C2C35"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*","matchCriteriaId":"F8216946-5F76-48B9-91CC-207F657D7D3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:*","matchCriteriaId":"B36BFDA7-596B-45EA-AACE-F8A796CECDBB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*","matchCriteriaId":"3852BB02-47A1-40B3-8E32-8D8891A53114"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*","matchCriteriaId":"06E7E0F7-AA6F-477C-AAA7-C0419CD2F3BC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:*","matchCriteriaId":"687E66DB-E5CC-4B13-B9B7-89CC6B49B693"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*","matchCriteriaId":"0161C884-70A5-4AD0-BD80-F0F7B3D8579E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"555","Ordinal":"1","Title":"CVE-2009-0555","CVE":"CVE-2009-0555","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"555","Ordinal":"1","NoteData":"Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka \"Windows Media Runtime Voice Sample Rate Vulnerability.\"","Type":"Description","Title":"CVE-2009-0555"},{"CveYear":"2009","CveId":"555","Ordinal":"2","NoteData":"2009-10-14","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"555","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}