Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-4309
HistoryDec 13, 2009 - 1:30 a.m.

CVE-2009-4309

2009-12-1301:30:00
CWE-119
mitre
web.nvd.nist.gov
37
cve-2009-4309
buffer overflow
indeo41
codec
windows media player
microsoft windows
remote code execution
iv41
media file
avi file

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.183

Percentile

96.2%

JSON

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

Affected configurations

Nvd
Node
microsoftwindows_media_player
AND
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp2x64
VendorProductVersionCPE
microsoftwindows_media_player*cpe:2.3:a:microsoft:windows_media_player:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Related

prion 1
nvd 1
zdi 1
cvelist 1
openvas 2
nessus 1
prion
prion
Heap overflow
2009-12-13 01:30:00
nvd
nvd
CVE-2009-4309
2009-12-13 01:30:00
zdi
zdi
Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability
2009-12-08 00:00:00
cvelist
cvelist
CVE-2009-4309
2009-12-13 01:00:00
openvas
openvas
Microsoft Windows Indeo Codec Multiple Vulnerabilities
2009-12-17 00:00:00
Microsoft Windows Indeo Codec Multiple Vulnerabilities
2009-12-17 00:00:00
nessus
nessus
MS KB955759: Security Enhancements for the Indeo Codec
2009-12-09 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.183

Percentile

96.2%

JSON
Related for CVE-2009-4309
prion1nvd1zdi1cvelist1openvas2nessus1