Two remote code execution vulnerabilities in Microsoft Windows
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2009-2525 CVE-2009-0555 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #2 is being exploited in the wild. |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU1401
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2525
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling certain functions in compressed audio files. A remote attacker can create a specially crafted media file or streaming content, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install update from vendor's website:
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=8f850a82-61f9-447b-a0aa-a2c192cc5d2e
https://www.microsoft.com/downloads/details.aspx?familyid=6dfd5405-cabe-4bd7-9330-b6bde1d99194
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=746d3440-5a6a-421e-9286-7b534a1dfe54
https://www.microsoft.com/downloads/details.aspx?familyid=6ecc7129-8caa-4daf-a8e2-8f3536225fb3
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=4729de51-8fd8-46c6-b4ad-9c9f25202684
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=a866a490-6d3a-4ecd-acf4-770312ba2fd6
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=00b3cb86-c9eb-4fbe-987e-2b0d94271d87
https://www.microsoft.com/downloads/details.aspx?familyid=ab1803ff-2371-487f-a7b6-95747c46ba4e
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=13ba4839-7fa9-4bbb-95f6-3fafb6c49f20
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
Windows Media Audio Voice Decoder on Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=f17ee0ea-f1e2-49f4-9f90-60296246ddfe
Windows Media Audio Voice Decoder on Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=26905f12-92c7-4d45-99e7-227f03d2cb82
Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2eaa9857-a147-4f31-9bf4-b9e2cf4c15c3
Windows Media Audio Voice Decoder on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=70aabba3-53d6-4b52-be83-6d3f3869ecbd
Windows: Vista - 2000
Windows Server: 2003 - 2008
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:XP:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/ms09-051.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU1400
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2009-0555
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing malformed Advanced Systems Format (ASF) files. A remote attacker can create a specially crafted audio file that uses the Windows Media Speech code, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website:
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=8f850a82-61f9-447b-a0aa-a2c192cc5d2e
https://www.microsoft.com/downloads/details.aspx?familyid=6dfd5405-cabe-4bd7-9330-b6bde1d99194
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=746d3440-5a6a-421e-9286-7b534a1dfe54
https://www.microsoft.com/downloads/details.aspx?familyid=6ecc7129-8caa-4daf-a8e2-8f3536225fb3
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=4729de51-8fd8-46c6-b4ad-9c9f25202684
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=a866a490-6d3a-4ecd-acf4-770312ba2fd6
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=00b3cb86-c9eb-4fbe-987e-2b0d94271d87
https://www.microsoft.com/downloads/details.aspx?familyid=ab1803ff-2371-487f-a7b6-95747c46ba4e
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=13ba4839-7fa9-4bbb-95f6-3fafb6c49f20
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
Windows Media Audio Voice Decoder on Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=f17ee0ea-f1e2-49f4-9f90-60296246ddfe
Windows Media Audio Voice Decoder on Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=26905f12-92c7-4d45-99e7-227f03d2cb82
Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2eaa9857-a147-4f31-9bf4-b9e2cf4c15c3
Windows Media Audio Voice Decoder on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=70aabba3-53d6-4b52-be83-6d3f3869ecbd
Windows: Vista - 2000
Windows Server: 2003 - 2008
CPE2.3https://technet.microsoft.com/en-us/library/security/ms09-051.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
