CVE-2009-2525

Published: Oct 14, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."

Affected (17)

Products: Microsoft: Windows 2000, Windows Media Player, Windows Media Format Runtime, Windows Xp, Windows Server 2003, Windows Server 2008, Windows Vista

Microsoft

7 products

Windows 2000

Windows Media Player

Windows Media Format Runtime

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows Media Player	Version 9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Media Format Runtime	Version 9.0
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Media Format Runtime	Version 9.5
Microsoft Windows Server 2003	All versions

Configuration D

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Media Format Runtime	Version 11
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions