Signature Detail

HTTP: MP3 Windows Media Playback Memory Corruption

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Player. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Windows is prone to a remote code-execution vulnerability that arises when an affected Windows component handles a malicious MP3 file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Affected Products

• Microsoft Microsoft Media Foundation
• Microsoft Windows Media Format 11
• Microsoft Windows Media Format 9.0
• Microsoft Windows Media Format 9.5
• Microsoft Windows Media Format 9.5 x64
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 1005R
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 202I
• Nortel Networks CallPilot 600R
• Nortel Networks CallPilot 703T
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service CCXML
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server
• Nortel Networks Self Service VoiceXML
• Nortel Networks Self-Service WVADS
• Nortel Networks Symposium Agent

References

• BugTraq: 36228
• CVE: CVE-2009-2499