FILE-MULTIMEDIA -- Snort detected traffic targeting vulnerabilities in multimedia files (mp3, movies, wmv, etc.).
FILE-MULTIMEDIA Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
This event is generated when an MP3 file is detected containing ID3 metadata that exploits a vulnerability in the WMVCore component of Windows.
Impact: Arbitrary code execution in the context of the current user
Details:
Ease of Attack: Simple
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2009-2499: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."