| Vulnerability Name: | CVE-2009-4309 (CCN-54642) | ||||||||
| Assigned: | 2009-12-08 | ||||||||
| Published: | 2009-12-08 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-4210 Source: MITRE Type: CNA CVE-2009-4309 Source: CCN Type: SA37592 Microsoft Windows Indeo Codec Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 37592 Source: CCN Type: SECTRACK ID: 1023302 Windows Media Player Indeo Codec Bugs Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch 1023302 Source: MSKB Type: Patch, Vendor Advisory 954157 Source: MSKB Type: Patch, Vendor Advisory 955759 Source: MSKB Type: Patch, Vendor Advisory 976138 Source: CCN Type: US-CERT VU#228561 Microsoft Indeo video codecs contain multiple vulnerabilities Source: CCN Type: Microsoft Security Advisory (954157) Security Enhancements for the Indeo Codec Source: CONFIRM Type: Patch, Vendor Advisory http://www.microsoft.com/technet/security/advisory/954157.mspx Source: OSVDB Type: UNKNOWN 60855 Source: CCN Type: OSVDB ID: 60855 Microsoft Windows Intel Indeo41 Codec IV41 movi Record Handling Overflow Source: CCN Type: OSVDB ID: 60857 Microsoft Windows Indeo Codec Unspecified Memory Corruption Source: BUGTRAQ Type: UNKNOWN 20091208 ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability Source: BID Type: UNKNOWN 37251 Source: CCN Type: BID-37251 Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2009-3440 Source: MISC Type: UNKNOWN http://zerodayinitiative.com/advisories/ZDI-09-089/ Source: XF Type: UNKNOWN ms-ie-indeo41-bo(54642) Source: XF Type: UNKNOWN ms-ie-indeo41-bo(54642) Source: XF Type: UNKNOWN ms-ie-content-code-execution(54645) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12188 Source: CCN Type: ZDI-09-089 Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||