CVE-2009-2499

high

Microsoft

CVSS v3 Base Score

8.5

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS Score

30.7%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: September 8, 2009 (6091 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."

CWE

CWE-94

Affected Products

microsoft windows media format runtimemicrosoft windows 2000microsoft windows xpmicrosoft windows server 2003microsoft windows server 2008microsoft windows vistamicrosoft windows media servicesmicrosoft windows media foundation

References

🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 oval.cisecurity.org 🔗 www.us-cert.gov 🔗 docs.microsoft.com

CVE-2009-2499

Vulnerability Report

Description

CWE

Affected Products

References