Arbitrary Code Execution Vulnerability in Microsoft Indeo Codec
CVE-2009-4312

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Xp; Windows 2000
Vendor: CVE Published:; 13 December 2009

What is CVE-2009-4312?

This vulnerability arises from flaws in the Indeo codec used in several Microsoft Windows operating systems, allowing remote attackers to execute arbitrary code by leveraging specially crafted media content. Successful exploitation could result in complete system compromise, making systems running affected versions particularly vulnerable.

References

http://support.microsoft.com/kb/955759

vendor-advisoryx_refsource_MSKB

http://securitytracker.com/id?1023302

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2009
Vulnerability Reserved
Dec 12, 2009