Lucene search

K
cve[email protected]CVE-2009-4313
HistoryDec 13, 2009 - 1:30 a.m.

CVE-2009-4313

2009-12-1301:30:00
CWE-119
web.nvd.nist.gov
35
cve-2009-4313
indeo32 codec
remote code execution
avi file
heap corruption
denial of service
microsoft windows
nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.104 Low

EPSS

Percentile

95.0%

ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.

Affected configurations

NVD
Node
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp2x64

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.104 Low

EPSS

Percentile

95.0%

Related for CVE-2009-4313