Vulnerability

CERT-In Vulnerability Note CIVN-2009-0121
Multiple Remote Code Execution vulnerabilities in Windows Media Runtime

Original Issue Date:October 15, 2009

Severity Rating: HIGH

Systems Affected

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*

Component Affected

DirectShow WMA Voice Codec
Windows Media Audio Voice Decoder
Audio Compression Manager

Overview

Multiple vulnerabilities have been reported into way Microsoft Windows Media Runtime handles certain media files in "Advanced File Format" and "Compressed File Format". These vulnerabilities get exploited when a crafted media file is opened using affected version of Windows Media Runtime. Successful exploitation of these vulnerabilities could allow remote code execution on the target system.
The impact of the exploitation will be less if a user is a normal user with restricted rights than that of a user who operate with administrative rights.

Description

1. Voice Sample Rate Vulnerability in Windows Media Runtime ( CVE-2009-0555 )

This vulnerability exists in the way that Windows Media Player processes specially crafted Advanced Systems Format ASF files. This vulnerability could be exploited when a specially crafted audio file is opened using an affected version of Windows Media Player which results into the execution of the remote code. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

2. Heap Corruption Vulnerability in Windows Media Runtime ( CVE-2009-0555 )

This vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. This vulnerability could be exploited when a specially crafted file is executed by the user which results into the execution of the remote code on the affected system.

Solution

Apply appropriate patch as mentioned in Microsoft Security Bulletin MS09-051

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx

McAfee
http://vil.nai.com/vil/content/v_vul48078.htm

Vupen Security
http://www.vupen.com/english/advisories/2009/2887

CVE Name
CVE-2009-0555
CVE-2009-0555

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-2436857

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India