Summary
This host has the Microsoft Windows Indeo codec installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation lets remote attackers compromise a vulnerable system.
Impact Level: System
Solution
For further updates, refer to:
http://www.microsoft.com/technet/security/advisory/954157.mspx
Workaround:
Apply the workaround described in:
http://support.microsoft.com/kb/954157
Insight
The multiple flaws are due to:
- An error in the Indeo41 codec when processing a specific size within the 'movi' record of an IV41 stream can be exploited to cause a heap-based buffer overflow.
- An error in the Indeo41 codec when decompressing a video stream can be exploited to cause a stack-based buffer overflow.
- An unspecified error in the Indeo codec can be exploited to corrupt memory.
- An error in the Indeo32 codec when decoding an IV32 stream can be exploited to cause memory corruption.
- Other vulnerabilities also exist, caused by unspecified errors in the Indeo codec, and can be exploited to corrupt memory by tricking a user into viewing specially crafted media content.
Affected
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Severity
Classification
- CVE: CVE-2009-4210, CVE-2009-4309, CVE-2009-4310, CVE-2009-4311, CVE-2009-4312, CVE-2009-4313
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)