Heap overflow

2009-10-1410:30:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.86 High

EPSS

Percentile

98.5%

JSON

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka “Windows Media Runtime Heap Corruption Vulnerability.”

CPENameOperatorVersion
windows_media_format_runtimeeq9.0
windows_media_format_runtimeeq9.0
windows_media_format_runtimeeq9.5
windows_media_format_runtimeeq11
windows_media_format_runtimeeq9.5
windows_media_format_runtimeeq11
windows_media_playereq9

Name	Operator	Version
windows_media_format_runtime	eq	9.0
windows_media_format_runtime	eq	9.0
windows_media_format_runtime	eq	9.5
windows_media_format_runtime	eq	11
windows_media_format_runtime	eq	9.5
windows_media_format_runtime	eq	11
windows_media_player	eq	9