CVE-2009-2498
critical
Microsoft CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
29.6%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: September 8, 2009 (6091 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
CWE
CWE-94Affected Products
microsoft windows media format runtimemicrosoft windows 2000microsoft windows xpmicrosoft windows server 2003microsoft windows server 2008microsoft windows vistamicrosoft windows media servicesmicrosoft media foundation sdk