Windows : Microsoft Bulletins : Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901012

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-047.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-047.

Vulnerability Insight:
- An error exists in the handling of ASF file headers and can be exploited
to trigger an invalid call to freed memory via a specially crafted file
or specially crafted streaming content from a web site.

- An error in the processing of MP3 meta-data can be exploited to corrupt
memory via a specially crafted MP3 file or specially crafted streaming
content from a web site.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code or
compromise an affected system.

Affected Software/OS:
- Microsoft Windows Media Service 9.1 on Microsoft Windows 2k3 SP2 and prior

- Microsoft Windows Media Format 9.0 on Microsoft Windows 2k SP4/XP SP3/2k3 SP2 and prior

- Microsoft Windows Media Format 9.5 on Microsoft Windows XP SP3/2k3 SP2 and prior

- Microsoft Windows Media Format 11.0 on Microsoft Windows XP SP3 and prior

- Microsoft Windows Media Format 11.0 on Microsoft Windows Vista SP2 and prior

- Microsoft Windows Media Format 11.0 on Microsoft Windows 2008 Server SP2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2498
Cert/CC Advisory: TA09-251A
http://www.us-cert.gov/cas/techalerts/TA09-251A.html
Microsoft Security Bulletin: MS09-047
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6257
Common Vulnerability Exposure (CVE) ID: CVE-2009-2499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901012
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-047.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-047. Vulnerability Insight: - An error exists in the handling of ASF file headers and can be exploited to trigger an invalid call to freed memory via a specially crafted file or specially crafted streaming content from a web site. - An error in the processing of MP3 meta-data can be exploited to corrupt memory via a specially crafted MP3 file or specially crafted streaming content from a web site. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code or compromise an affected system. Affected Software/OS: - Microsoft Windows Media Service 9.1 on Microsoft Windows 2k3 SP2 and prior - Microsoft Windows Media Format 9.0 on Microsoft Windows 2k SP4/XP SP3/2k3 SP2 and prior - Microsoft Windows Media Format 9.5 on Microsoft Windows XP SP3/2k3 SP2 and prior - Microsoft Windows Media Format 11.0 on Microsoft Windows XP SP3 and prior - Microsoft Windows Media Format 11.0 on Microsoft Windows Vista SP2 and prior - Microsoft Windows Media Format 11.0 on Microsoft Windows 2008 Server SP2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2498 Cert/CC Advisory: TA09-251A http://www.us-cert.gov/cas/techalerts/TA09-251A.html Microsoft Security Bulletin: MS09-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6257 Common Vulnerability Exposure (CVE) ID: CVE-2009-2499 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5531
Copyright	Copyright (C) 2009 Greenbone AG