|
|
|
|
| |
Credit:
The information has been provided by Microsoft, Ivan Fratric, Jun Xie, Vinay Anantharaman.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
|
| |
Vulnerable Systems:
* Windows 2000
* Windows XP
* Windows Server 2003 except for Itanium-based editions
* Windows Vista
* Windows Server 2008 except for Itanium-based editions
Immune Systems:
* Windows Server 2003 with SP2 for Itanium-based Systems
* Windows Server 2008 for Itanium-based Systems
* Windows Server 2008 R2 for x64-based Systems
* Windows Server 2008 R2 for Itanium-based Systems
This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on supported editions of Microsoft Windows 2000; Windows XP; Windows Server 2003, except for Itanium-based editions; Windows Vista; and Windows Server 2008, except for Itanium-based editions. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by changing the manner in which the Windows Media Runtime processes ASF files and initializes functions in compressed audio files.
Patch Availability:
http://go.microsoft.com/fwlink/?LinkID=40747
CVE Information:
CVE-2009-0555
CVE-2009-2525
|
|
|
|
|
