CVE-2009-2499

Microsoft Windows Media Format Runtime <11 - RCE

Title source: llm
STIX 2.1

Description

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-251A.html

Scores

EPSS 0.1555
EPSS Percentile 96.4%

Details

CWE
CWE-94
Status published
Products (11)
microsoft/windows_2000
microsoft/windows_media_format_runtime 9.0
microsoft/windows_media_format_runtime 9.5 (2 CPE variants)
microsoft/windows_media_format_runtime 11
microsoft/windows_media_foundation
microsoft/windows_media_services 9.1
microsoft/windows_media_services 2008
microsoft/windows_server_2003 (2 CPE variants)
microsoft/windows_server_2008 (4 CPE variants)
microsoft/windows_vista (7 CPE variants)
... and 1 more
Published Sep 08, 2009
Tracked Since Feb 18, 2026