CVE-2009-4309
Summary
| CVE | CVE-2009-4309 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-12-13 01:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | Complete |
| Availability | Complete |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp2 | All | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp2 | itanium | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp2 | x64 | All |
| Application | Microsoft | Windows Media Player | All | All | All | All |
| Operating System | Microsoft | Windows XP | All | sp3 | All | All |
| Operating System | Microsoft | Windows XP | - | sp2 | All | All |
| Operating System | Microsoft | Windows XP | - | sp2 | x64 | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityTracker.com Archives - Windows Media Player Indeo Codec Bugs Let Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | Patch |
| www.osvdb.org/60855 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | zerodayinitiative.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Microsoft Security Advisory: Description of the AppCompat update for Indeo codec: December 08, 2009 | af854a3a-2127-422b-91ae-364da2661108 | support.microsoft.com | Patch, Vendor Advisory |
| Your request has been blocked. This could be due to several reasons. | af854a3a-2127-422b-91ae-364da2661108 | www.microsoft.com | Patch, Vendor Advisory |
| Microsoft Security Advisory: Description of the Quartz update for the Indeo codec: December 8, 2009 | af854a3a-2127-422b-91ae-364da2661108 | support.microsoft.com | Patch, Vendor Advisory |
| Microsoft Security Advisory: Vulnerabilities in the Indeo codec could allow remote code execution: December 8, 2009 | af854a3a-2127-422b-91ae-364da2661108 | support.microsoft.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| About Secunia Research \| Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Intel Indeo Codec Media Content Multiple Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.