iPolicy Networks Security Advisory
 

Microsoft Windows Media Audio codec Remote Code Execution Vulnerability

Date Discovered: 10/13/2009
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP 4
Microsoft Windows XP SP 2
Microsoft Windows XP SP 3
Microsoft Windows Server 2003 SP 2
Microsoft Windows Vista SP 1
Microsoft Windows Vista SP 2
Applications Affected: Windows Media Player
Type: Remote
Identifiers: CVE-2009-2525
Synopsis
The Windows Media Audio codec in Microsoft Windows is prone to a remote code execution vulnerability caused by the way it fails to handle certain functions in malformed compressed audio files. After successful exploitation, a remote attacker can execute arbitrary code in the security context of the logged-in user.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
Threat Analysis
Windows Media Player is a multimedia tool developed by Microsoft that is used for playing audio and video and for viewing images on personal computers. It supports various types of media files (such as mp3, wav, etc.).

A remote code execution vulnerability has been discovered in Windows Media Player in Microsoft Windows. The vulnerability exists because the application does not handle certain functions in malformed compressed audio files such as WMV/WMA. Successful exploitation allows a remote attacker to execute arbitrary code in the security context of the logged-in user.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2525

Write-up by: Gaurav Bajpai