(MS09-052) WMP Heap Overflow Vulnerability (974112)
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Maliciously Crafted File
- Rating
- Medium
- CVE reference
- CVE-2009-2527
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows Media Player 6.4
- Summary
- A buffer overflow vulnerability in Microsoft Windows Media Player may allow remote code execution.
Description
A buffer overflow vulnerability in Microsoft Windows Media Player 6.4 may allow remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted ASF file that allows remote code execution when played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-052) WMP Heap Overflow Vulnerability (974112)
- Signature identifier:
- 7192
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft WMP Heap Overflow Vulnerability
- Signature identifier:
- 0x40267900
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
McAfee Host IPS
- Signature:
- Vulnerability in Windows Media Player Could Allow Remote Code Execution
- Signature identifier:
- 2235
- Release date:
- 10/13/2009
- First released in:
- 2925
- Signature:
- (MS09-052) WMP Heap Overflow Vulnerability (974112)
- Signature identifier:
- 7192
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) / Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee Anti-Virus protection
Detection for known attack vectors will be provided in 5772 DATs when using gateway products such as SIG, SWG, GS.
- Signature:
- 5772
- Release date:
- 10/14/2009
- First released in:
- Exploit-CVE2009-2527
The V-Flash Release of 10/13/2009 contains the remedy for this vulnerability.
- Release date:
- 10/14/2009
Additional Resources
(MS09-052) WMP Heap Overflow Vulnerability (974112)
http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
Timeline
10/13/2009
Vendor has provided a patch.