VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 8, 2009· Updated Apr 23, 2026

CVE-2009-2499

CVE-2009-2499

Description

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

Affected products

24
  • Microsoft/Windows Media Format Runtime4 versions
    cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:windows_media_format_runtime:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*
  • Microsoft/Windows Media Foundation
    cpe:2.3:a:microsoft:windows_media_foundation:-:*:*:*:*:*:*:*
  • Microsoft/Windows Media Services2 versions
    cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:windows_media_services:2008:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:windows_media_services:9.1:*:*:*:*:*:*:*
  • Microsoft/Windows 2000
    cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • Microsoft/Windows Server 20032 versions
    cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Server 20084 versions
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*
  • Microsoft/Windows Vista7 versions
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*
  • Microsoft/Windows Xp3 versions
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.