Skip to main content

Microsoft Windows Media Runtime Multiple Vulnerabilities( 14 October 2009 )

Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 5401 Views

RISK: Medium Risk

1. Windows Media Runtime Voice Sample Rate Vulnerability

A remote code execution vulnerability exists in Windows Media Player due to the improper processing of specially crafted Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow remote code execution when played using an affected version of Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

2. Windows Media Runtime Heap Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • DirectShow WMA Voice Codec
  • Windows Media Audio Voice Decoder
  • Audio Compression Manager

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link