Lucene search

[email protected]NVD:CVE-2009-4310

HistoryDec 13, 2009 - 1:30 a.m.

CVE-2009-4310

2009-12-1301:30:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.183

Percentile

96.2%

JSON

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

Affected configurations

Nvd

Node

microsoftwindows_2000sp4

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serversp2x64

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2

microsoftwindows_xpMatch-sp2x64

AND

windowsmedia_player

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
windowsmedia_player*cpe:2.3:a:windows:media_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
microsoft	windows_xp	-	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
windows	media_player	*	cpe:2.3:a:windows:media_player::::::::

References

secunia.com/advisories/37592

securitytracker.com/id?1023302

support.microsoft.com/kb/954157

support.microsoft.com/kb/955759

support.microsoft.com/kb/976138

www.microsoft.com/technet/security/advisory/954157.mspx

www.osvdb.org/60856

www.securityfocus.com/archive/1/508335/100/0/threaded

www.securityfocus.com/bid/37251

www.vupen.com/english/advisories/2009/3440

zerodayinitiative.com/advisories/ZDI-09-090/

exchange.xforce.ibmcloud.com/vulnerabilities/54643

exchange.xforce.ibmcloud.com/vulnerabilities/54645

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.183

Percentile

96.2%

JSON

Related for NVD:CVE-2009-4310

prion1 zdi1 cve1 cvelist1 openvas2 nessus1