CVE-2009-2525

CVE Database · CVE-2009-2525

CVE-2009-2525

· N/AModified

CVSS v3.1

N/A

EPSS

23.32%

Published

Oct 14, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."

Weaknesses (CWE)

CWE-94

Affected Products (20)

microsoft · windows_2000vulnerable

microsoft · windows_media_format_runtimevulnerable

microsoft · windows_media_playervulnerable

microsoft · windows_media_format_runtimevulnerable

microsoft · windows_xpvulnerable

microsoft · windows_media_format_runtime

References (6)

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

US Government Resource