CVE-2009-2527

Published Oct 14, 2009

Last updated 6 years ago

CVSS info 9.3

Overview

Description: Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "11AFB73A-1C61-40F1-8415-E4D40BB2699B"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3461CEA0-6CCF-4AA9-B83A-420E1310C83C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E69F8C21-5996-4083-A02A-F04AE948CEA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CE4EC55-63B7-409E-9E4D-DBC5A36D2F5A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References