Lucene search

MitreCVE-2009-4210

HistoryDec 13, 2009 - 1:30 a.m.

CVE-2009-4210

2009-12-1301:30:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-4210

indeo codec

microsoft

windows

denial of service

memory corruption

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.

Affected configurations

Nvd

Node

microsoftwindows_2000sp4

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serversp2x64

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

References

secunia.com/advisories/37592

securitytracker.com/id?1023302

support.microsoft.com/kb/954157

support.microsoft.com/kb/955759

support.microsoft.com/kb/976138

www.fortiguard.com/advisory/FGA-2009-45.html

www.microsoft.com/technet/security/advisory/954157.mspx

www.osvdb.org/60857

www.securityfocus.com/archive/1/508323/100/0/threaded

www.securityfocus.com/bid/37251

www.vupen.com/english/advisories/2009/3440

exchange.xforce.ibmcloud.com/vulnerabilities/54644

exchange.xforce.ibmcloud.com/vulnerabilities/54645

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11677

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.023

Percentile

89.8%

JSON

Related for CVE-2009-4210