Microsoft Windows Media Header Parsing Invalid Free Remote Code Execution Vulnerability
Date Discovered:
09/08/2009
Severity:
High
Applications Affected:
MS Windows Media Format Runtime 9.0
MS Windows Media Format Runtime 9.5
MS Windows Media Format Runtime 11
MS Windows Media Services 9.1
MS Windows Media Services 2008
Operating Systems Affected:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP2 & SP3
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1 & SP2
Microsoft Windows Vista x64 SP1 & SP2
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 32-bit SP2
Microsoft Windows Server 2008 64-bit
Microsoft Windows Server 2008 64-bit SP2
Type:
Remote
Identifiers:
CVE-2009-2498
Synopsis
Microsoft Windows Media is prone to a remote code execution vulnerability that could be exploited to gain complete control of the affected system.
A remote code execution vulnerability exists in the Microsoft Windows Media Format Runtime component. The vulnerability exists due to improper handling of specially crafted ASF format files by the Windows component.
ASF is a compressed file format that stores audio and video information and is specially designed to run over the Internet. ASF files may have the file extensions ASF, WMV, or WMA.
A remote attacker could exploit this vulnerability to take complete control of an affected system and install programs; view, change, or delete data; or create new accounts with full user rights.
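Because ASF content can arrive under any of the ASF, WMV, or WMA extensions, inbound media is better triaged by content than by name. The following is an added example, not part of the original advisory or any Microsoft code: it recognises an ASF file by its Header Object GUID and checks that the declared header and object sizes are self-consistent. The GUID and field layout are taken from the ASF specification, the function names and sample data are constructed for illustration, and the advisory does not say which header field triggers CVE-2009-2498, so this is a generic structural check, not a signature for that flaw.

```python
import struct
import uuid

# Header Object GUID and layout come from the ASF specification, not this page.
ASF_HEADER_GUID = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
TOP_LEN = 30   # GUID(16) + size(8) + object count(4) + two reserved bytes
OBJ_LEN = 24   # every nested object starts with GUID(16) + size(8)


def check_asf_header(data: bytes) -> list:
    """Return structural problems in the ASF Header Object ([] means consistent)."""
    if len(data) < TOP_LEN or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER_GUID:
        return ["not an ASF file"]
    size, count = struct.unpack_from("<QI", data, 16)
    problems = []
    if size < TOP_LEN or size > len(data):
        problems.append(f"header size {size} does not fit file of {len(data)} bytes")
        size = len(data)  # keep walking, bounded by the bytes actually present
    offset, seen = TOP_LEN, 0
    while offset + OBJ_LEN <= size:
        (obj_size,) = struct.unpack_from("<Q", data, offset + 16)
        if obj_size < OBJ_LEN or offset + obj_size > size:
            problems.append(f"object {seen} at offset {offset}: bad size {obj_size}")
            break
        offset += obj_size
        seen += 1
    if seen != count:
        problems.append(f"declares {count} header objects, found {seen}")
    return problems


def build_sample(child_size=None, declared=1) -> bytes:
    """Constructed test input: a header holding one object with a made-up GUID."""
    payload = b"\x00" * 8
    size = OBJ_LEN + len(payload) if child_size is None else child_size
    child = uuid.UUID(int=1).bytes_le + struct.pack("<Q", size) + payload
    top = struct.pack("<QIBB", TOP_LEN + len(child), declared, 1, 2)
    return ASF_HEADER_GUID.bytes_le + top + child


if __name__ == "__main__":
    for name, blob in [("consistent", build_sample()),
                       ("oversized object", build_sample(child_size=0xFFFF)),
                       ("wrong count", build_sample(declared=3))]:
        print(name, "->", check_asf_header(blob) or "ok")
```

A file that fails these checks is worth quarantining for review before it reaches a media player; a file that passes is only structurally consistent, not known to be safe.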