Heap-based Buffer Overflow in Intel Indeo41 Codec for Windows Media Player by Microsoft
CVE-2009-4309
Currently unrated
Key Information:
- Vendor: Microsoft
- CVE Published: 13 December 2009
Summary
A heap-based buffer overflow exists in the Intel Indeo41 codec used by Windows Media Player, affecting systems running Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2. Remote attackers can exploit it through specially crafted media files, particularly AVI files, to execute arbitrary code. By supplying a large size value in a movi record within an IV41 stream, an attacker could take control of the affected system. Users should apply security updates and take proactive measures to mitigate the risk.
EPSS Score
27% chance of being exploited in the next 30 days.