CVE-2009-4311
7.4 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.092 Low
EPSS
Percentile
94.6%
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
References
secunia.com/advisories/37592
securitytracker.com/id?1023302
support.microsoft.com/kb/954157
support.microsoft.com/kb/955759
support.microsoft.com/kb/976138
www.microsoft.com/technet/security/advisory/954157.mspx
www.securityfocus.com/bid/37251
www.vupen.com/english/advisories/2009/3440
exchange.xforce.ibmcloud.com/vulnerabilities/54645
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11975
Related
7.4 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.092 Low
EPSS
Percentile
94.6%