CVE-2009-4309

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Media Player; Windows 2000; Windows 2003 Server; Windows Xp
Vendor: CVE Published:; 13 December 2009

Summary

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

References

http://support.microsoft.com/kb/955759

vendor-advisoryx_refsource_MSKB

http://www.securityfocus.com/archive/1/508324/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/54642

vdb-entryx_refsource_XF

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 13, 2009
Vulnerability Reserved
Dec 12, 2009

Collectors

NVD DatabaseMitre Database