CVE-2009-2527
Published Oct 14, 2009
Last updated 6 years ago
Overview
- Description
- Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "11AFB73A-1C61-40F1-8415-E4D40BB2699B"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E69F8C21-5996-4083-A02A-F04AE948CEA9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CE4EC55-63B7-409E-9E4D-DBC5A36D2F5A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]