| Vulnerability Name: | CVE-2009-4310 (CCN-54643) | ||||||||
| Assigned: | 2009-12-08 | ||||||||
| Published: | 2009-12-08 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-4210 Source: MITRE Type: CNA CVE-2009-4310 Source: CCN Type: SA37592 Microsoft Windows Indeo Codec Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 37592 Source: CCN Type: SECTRACK ID: 1023302 Windows Media Player Indeo Codec Bugs Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch 1023302 Source: MSKB Type: Patch, Vendor Advisory 954157 Source: MSKB Type: Patch, Vendor Advisory 955759 Source: MSKB Type: Patch, Vendor Advisory 976138 Source: CCN Type: Microsoft Security Advisory (954157) Security Enhancements for the Indeo Codec Source: CONFIRM Type: Patch, Vendor Advisory http://www.microsoft.com/technet/security/advisory/954157.mspx Source: OSVDB Type: UNKNOWN 60856 Source: CCN Type: OSVDB ID: 60856 Microsoft Windows Intel Indeo41 Codec IV41 Stream Video Decompression Overflow Source: CCN Type: OSVDB ID: 60857 Microsoft Windows Indeo Codec Unspecified Memory Corruption Source: BUGTRAQ Type: UNKNOWN 20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability Source: BID Type: UNKNOWN 37251 Source: CCN Type: BID-37251 Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2009-3440 Source: MISC Type: UNKNOWN http://zerodayinitiative.com/advisories/ZDI-09-090/ Source: XF Type: UNKNOWN ms-ie-indeo41-codec-bo(54643) Source: XF Type: UNKNOWN ms-ie-indeo41-codec-bo(54643) Source: XF Type: UNKNOWN ms-ie-content-code-execution(54645) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11596 Source: CCN Type: ZDI-09-090 Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||