Heap Corruption Vulnerability in Indeo32 Codec for Microsoft Windows
CVE-2009-4313

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Xp; Windows 2000
Vendor: CVE Published:; 13 December 2009

What is CVE-2009-4313?

The Indeo32 codec in Microsoft Windows, specifically in versions 2000 SP4, XP SP2, SP3, and Server 2003 SP2, is susceptible to heap corruption vulnerabilities. Attackers can exploit this flaw by sending malformed data in a media file stream, leading to potential denial of service or execution of arbitrary code. This is particularly demonstrated through specially crafted AVI files, posing serious risks to affected systems.

References

http://support.microsoft.com/kb/955759

vendor-advisoryx_refsource_MSKB

http://www.osvdb.org/60858

vdb-entryx_refsource_OSVDB

http://securitytracker.com/id?1023302

vdb-entryx_refsource_SECTRACK

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2009
Vulnerability Reserved
Dec 12, 2009