CVE-2009-4309

Microsoft Windows - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

References (14)

Core 14
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/955759
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508324/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54642
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023302
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37251
Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/954157.mspx
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/976138
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3440
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-09-089/
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/954157
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12188
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60855
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54645
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37592

Scores

EPSS 0.2411
EPSS Percentile 97.6%

Details

CWE
CWE-119
Status published
Products (4)
microsoft/windows_2000
microsoft/windows_2003_server (3 CPE variants)
microsoft/windows_media_player
microsoft/windows_xp (3 CPE variants)
Published Dec 13, 2009
Tracked Since Feb 18, 2026