you got hacked by your mp3 file?
Posted: Wed Sep 09, 2009 9:16 am
Microsoft Security Bulletin MS09-047 - Critical
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
Published: September 08, 2009
Version: 1.0
General Information
Executive Summary
This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that Windows Media Format Runtime parses Advanced Systems Format (ASF) files and MPEG-1 Audio Layer 3 (MP3) files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.