{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "955759", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://support.microsoft.com/kb/955759"}, {"name": "1023302", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023302"}, {"name": "37251", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37251"}, {"name": "60856", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/60856"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"}, {"name": "oval:org.mitre.oval:def:11596", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"}, {"name": "976138", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://support.microsoft.com/kb/976138"}, {"name": "ms-ie-indeo41-codec-bo(54643)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"}, {"name": "ADV-2009-3440", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3440"}, {"name": "954157", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://support.microsoft.com/kb/954157"}, {"tags": ["x_refsource_MISC"], "url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"}, {"name": "ms-ie-content-code-execution(54645)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"}, {"name": "20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"}, {"name": "37592", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37592"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4310", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "955759", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/955759"}, {"name": "1023302", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023302"}, {"name": "37251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37251"}, {"name": "60856", "refsource": "OSVDB", "url": "http://www.osvdb.org/60856"}, {"name": "http://www.microsoft.com/technet/security/advisory/954157.mspx", "refsource": "CONFIRM", "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"}, {"name": "oval:org.mitre.oval:def:11596", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"}, {"name": "976138", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/976138"}, {"name": "ms-ie-indeo41-codec-bo(54643)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"}, {"name": "ADV-2009-3440", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3440"}, {"name": "954157", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/954157"}, {"name": "http://zerodayinitiative.com/advisories/ZDI-09-090/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"}, {"name": "ms-ie-content-code-execution(54645)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"}, {"name": "20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"}, {"name": "37592", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37592"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:01:20.147Z"}, "title": "CVE Program Container", "references": [{"name": "955759", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://support.microsoft.com/kb/955759"}, {"name": "1023302", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023302"}, {"name": "37251", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37251"}, {"name": "60856", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/60856"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"}, {"name": "oval:org.mitre.oval:def:11596", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"}, {"name": "976138", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://support.microsoft.com/kb/976138"}, {"name": "ms-ie-indeo41-codec-bo(54643)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"}, {"name": "ADV-2009-3440", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3440"}, {"name": "954157", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://support.microsoft.com/kb/954157"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"}, {"name": "ms-ie-content-code-execution(54645)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"}, {"name": "20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"}, {"name": "37592", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37592"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4310", "datePublished": "2009-12-13T01:00:00", "dateReserved": "2009-12-12T00:00:00", "dateUpdated": "2024-08-07T07:01:20.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:windows:media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1BF7A3-8B97-43CE-B4A1-CBF063AA0C61", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file."}, {"lang": "es", "value": "Desbordamiento del b\u00fafer de la pila en el codec Intel Indeo41 codec para Windows Media Player en Microsoft Windows 2000 SP4, XP SP2 y SP3, y Server 2003 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos de v\u00eddeo comprimidos debidamente manipulados en un stream en un fichero multimedia que lleve a demasiadas iteraciones, como se demuestra con un fichero AVI."}], "id": "CVE-2009-4310", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-12-13T01:30:00.500", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37592"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1023302"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/954157"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/955759"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/976138"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/60856"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37251"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3440"}, {"source": "cve@mitre.org", "url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1023302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/954157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/955759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.microsoft.com/kb/976138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/60856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}