CVE-2009-0894
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.6%
Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xvid | xvid | * | cpe:2.3:a:xvid:xvid:*:*:*:*:*:*:*:* |
| xvid | xvid | 1.1.0 | cpe:2.3:a:xvid:xvid:1.1.0:*:*:*:*:*:*:* |
| xvid | xvid | 1.1.1 | cpe:2.3:a:xvid:xvid:1.1.1:*:*:*:*:*:*:* |
| xvid | xvid | 1.1.2 | cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:* |
| xvid | xvid | 1.1.3 | cpe:2.3:a:xvid:xvid:1.1.3:*:*:*:*:*:*:* |
| xvid | xvid | 1.2.0 | cpe:2.3:a:xvid:xvid:1.2.0:*:*:*:*:*:*:* |
References
cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c
cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81
www.securityfocus.com/bid/35158
www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews%5BbackPid%5D=64&tx_ttnews%5Btt_news%5D=7
www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.6%