What is the severity of CVE-2009-2498?

CVE-2009-2498 has a critical severity rating, as it allows remote code execution through specially crafted media files.

How do I fix CVE-2009-2498?

To fix CVE-2009-2498, apply the latest security updates provided by Microsoft for affected software versions.

What software is affected by CVE-2009-2498?

CVE-2009-2498 affects Microsoft Windows Media Format Runtime 9.0, 9.5, and 11, as well as Windows Media Services 9.1 and 2008.

Can CVE-2009-2498 be exploited remotely?

Yes, CVE-2009-2498 can be exploited remotely via crafted ASF, WMV, or WMA files.

What is the impact of CVE-2009-2498 on my system?

The impact of CVE-2009-2498 is the potential execution of arbitrary code on the affected system, compromising security.

Vulnerability/
CVE-2009-2498

critical

9.3

CWE

8/9/2009

7/8/2024

CVE-2009-2498: Code Injection

First published: Tue Sep 08 2009(Updated: )

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows Media Format Runtime	=9.0
Microsoft Windows 2000	=sp4
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
Microsoft Windows Media Format Runtime	=9.5
Microsoft Windows Server	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows Media Format Runtime	=9.5
Microsoft Windows Media Format Runtime	=11
Microsoft Windows Server
Microsoft Windows Server
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Vista
Microsoft Windows Vista
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2
Microsoft Windows Media Services	=9.1
Microsoft Windows Server
Microsoft Windows Media Services	=2008
Microsoft Media Foundation SDK
Microsoft Windows Vista
All of
Microsoft Windows Media Format Runtime	=9.0
Any of
Microsoft Windows 2000	=sp4
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Microsoft Windows Media Format Runtime	=9.5
Any of
Microsoft Windows Server	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Microsoft Windows Media Format Runtime	=9.5
Any of
Microsoft Windows Server	=sp2
Microsoft Windows XP	=sp2
All of
Microsoft Windows Media Format Runtime	=11
Any of
Microsoft Windows Server
Microsoft Windows Server
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Vista
Microsoft Windows Vista
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
All of
Microsoft Windows Media Services	=9.1
Any of
Microsoft Windows Server
Microsoft Windows Server	=sp2
All of
Microsoft Windows Media Services	=2008
Any of
Microsoft Windows Server
Microsoft Windows Server
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
All of
Microsoft Media Foundation SDK
Any of
Microsoft Windows Server
Microsoft Windows Server
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft Windows Vista
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2
Microsoft Windows Vista
Microsoft Windows Vista	=sp1
Microsoft Windows Vista	=sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2498?
CVE-2009-2498 has a critical severity rating, as it allows remote code execution through specially crafted media files.
How do I fix CVE-2009-2498?
To fix CVE-2009-2498, apply the latest security updates provided by Microsoft for affected software versions.
What software is affected by CVE-2009-2498?
CVE-2009-2498 affects Microsoft Windows Media Format Runtime 9.0, 9.5, and 11, as well as Windows Media Services 9.1 and 2008.
Can CVE-2009-2498 be exploited remotely?
Yes, CVE-2009-2498 can be exploited remotely via crafted ASF, WMV, or WMA files.
What is the impact of CVE-2009-2498 on my system?
The impact of CVE-2009-2498 is the potential execution of arbitrary code on the affected system, compromising security.

collector/nvd-historical
agent/type
agent/weakness
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/author
vendor/microsoft
canonical/microsoft windows media format runtime
version/microsoft windows media format runtime/9.0
canonical/microsoft windows 2000
version/microsoft windows 2000/sp4
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/microsoft windows xp/sp3
version/microsoft windows media format runtime/9.5
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows media format runtime/11
canonical/microsoft windows vista
version/microsoft windows vista/sp1
version/microsoft windows vista/sp2
canonical/microsoft windows media services
version/microsoft windows media services/9.1
version/microsoft windows media services/2008
canonical/microsoft media foundation sdk