Stack-based Buffer Overflow in Intel Indeo41 Codec for Windows Media Player by Microsoft
CVE-2009-4310

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows 2003 Server; Windows Xp; Media Player
Vendor: CVE Published:; 13 December 2009

Summary

A stack-based buffer overflow vulnerability exists in the Intel Indeo41 codec used by Windows Media Player, affecting multiple versions of Microsoft Windows. This flaw can be exploited by remote attackers who craft malicious video files containing IV41 streams with specially designed compressed data. When processed, this can result in numerous loop iterations and potential arbitrary code execution on the victim's system, allowing the attacker to gain unauthorized control. It highlights the necessity for users to apply security updates and be cautious when opening media files from untrusted sources.

References

http://support.microsoft.com/kb/955759

vendor-advisoryx_refsource_MSKB

http://securitytracker.com/id?1023302

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/37251

vdb-entryx_refsource_BID

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 13, 2009
Vulnerability Reserved
Dec 12, 2009