|
[Japanese]
|
JVNDB-2009-000059
|
Buffer overflow vulnerability in Microsoft Windows
|
|
Microsoft Windows contains a buffer overflow vulnerability.
Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files.
The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009.
Hiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Microsoft Corporation
- Microsoft Windows 2000
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 (x64)
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 (x64)
- Microsoft Windows Vista
- Microsoft Windows Vista (x64)
- Microsoft Windows XP sp3
- Microsoft Windows XP (x64)
|
|
|
If a user opens a specially crafted file, an attacker may execute arbitrary code.
|
|
[Update the software]
Apply the update according to the information provided by Microsoft.
|
|
Microsoft Corporation
|
|
- Buffer Errors(CWE-119) [IPA Evaluation]
|
|
- CVE-2009-2498
- CVE-2009-2499
|
|
- JVN : JVN#62211338
- National Vulnerability Database (NVD) : CVE-2009-2498
- National Vulnerability Database (NVD) : CVE-2009-2499
- IPA SECURITY ALERTS : Security Alert for Vulnerability in Microsoft Windows
- US-CERT Cyber Security Alerts : SA09-251A
- US-CERT Technical Cyber Security Alert : TA09-251A
- Secunia Advisory : SA36596
- SecurityFocus : 36225
- SecurityFocus : 36228
- VUPEN Security : VUPEN/ADV-2009-2566
|
|
- [2009/09/09]
Web page published
|
