Signature Detail

HTTP: ASF Sample Rate Code Execution

This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Media Runtime ASF parser. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Windows Media Runtime is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• Microsoft Audio Compression Manager
• Microsoft DirectShow WMA Voice Codec
• Microsoft Windows Media Audio Voice Decoder
• Microsoft Windows Media Player 10.0
• Microsoft Windows Media Player 11
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center NCC
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service CCXML
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server
• Nortel Networks Self Service VoiceXML
• Nortel Networks Self-Service WVADS
• Nortel Networks Symposium Express Contact Center 4.2

References

• BugTraq: 36614
• BugTraq: 36644
• CVE: CVE-2009-0555
• CVE: CVE-2009-2527