Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-047.
Impact
Successful exploitation will let the attacker execute arbitrary code or compromise an affected system.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below.
http://www.microsoft.com/technet/security/bulletin/ms09-047.mspx
Insight
- An error exists in the handling of ASF file headers and can be exploited to trigger an invalid call to freed memory via a specially crafted file or specially crafted streaming content from a web site.
- An error in the processing of MP3 meta-data can be exploited to corrupt memory via a specially crafted MP3 file or specially crafted streaming content from a web site.
Affected
- Windows Media Service 9.1 on Windows 2k3 SP2 and prior
- Windows Media Format 9.0 on Windows 2k SP4/XP SP3/2k3 SP2 and prior
- Windows Media Format 9.5 on Windows XP SP3/2k3 SP2 and prior
- Windows Media Format 11.0 on Windows XP SP3 and prior
- Windows Media Format 11.0 on Windows Vista SP2 and prior
- Windows Media Format 11.0 on Windows 2008 server SP2 and prior
References
Severity
Classification
- CVE: CVE-2009-2498, CVE-2009-2499
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Cumulative Security Update for Internet Explorer (969897)
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)