(MS09-051) Windows Media Runtime Heap Corruption Vulnerability (975682)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- User interaction is needed
- Attack Vector
- Maliciously Crafted File
- Rating
- Medium
- CVE reference
- CVE-2009-2525
- Vendor Status
- Responded and patched
- Vulnerable systems
- DirectShow WMA Voice Codec
- Windows Media Audio Voice Decoder
- Summary
- A vulnerability in Microsoft Windows (Windows Media Runtime) may allow remote code execution.
Description
A vulnerability in Microsoft Windows (Windows Media Runtime) may allow remote code execution. The vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. The vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker could exploit the vulnerability and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-051) Windows Media Runtime Heap Corruption Vulnerability (975682)
- Signature identifier:
- 7190
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft Windows Media Runtime Heap Corruption Vulnerability
- Signature identifier:
- 0x40269D00
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-051) Windows Media Runtime Heap Corruption Vulnerability (975682)
- Signature identifier:
- 7190
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) / Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee Anti-Virus protection
Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.
- Signature:
- 5772
- Release date:
- 10/14/2009
- First released in:
- Exploit-CVE2009-2525
The V-Flash Release of 10/13/2009 contains the remedy for this vulnerability.
- Release date:
- 10/14/2009
Additional Resources
(MS09-051) Windows Media Runtime Heap Corruption Vulnerability (975682)
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
Timeline
- 10/13/2009: Vendor has provided a patch.