CVE-2009-4310

Microsoft Windows - Buffer Overflow

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

References (14)

Core 14
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/955759
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023302
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37251
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60856
Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/954157.mspx
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/976138
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54643
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3440
Patch, Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/954157
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-09-090/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54645
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508335/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37592

Scores

EPSS 0.2411
EPSS Percentile 97.6%

Details

CWE
CWE-119
Status published
Products (4)
microsoft/windows_2000
microsoft/windows_2003_server (3 CPE variants)
microsoft/windows_xp (3 CPE variants)
windows/media_player
Published Dec 13, 2009
Tracked Since Feb 18, 2026