vulnerability note CVE-2009-4210 CVE-2009-4310 CVE-2009-4311

Windows: vulnerabilities of the Indeo codec

Synthesis of the vulnerability

An attacker can invite the victim to play malicious multimedia documents, in order to execute code in his computer.

Severity: 3/4. Creation date: 09/12/2009.

Description of the vulnerability

The Indeo codec is installed by default on Windows, in order to decode AVI videos encoded in IV41. However, several vulnerabilities of this codec generate memory corruptions, leading to code execution. An attacker can therefore invite the victim to play malicious multimedia documents, in order to execute code in his computer.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Windows: vulnerabilities of the Indeo codec. Keywords: AVI IV41 Indeo Windows codec vulnerabilities. Identifiers: 954157, CVE-2009-4210, CVE-2009-4310, CVE-2009-4311, CVE-2009-4312, CVE-2009-4313, VIGILANCE-VUL-9249, VU#228561, ZDI-09-089, ZDI-09-090.

Information sources

Publications and announces Source example: Microsoft Security Advisory (954157) - Security Enhancements for the Indeo Codec

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer applications vulnerability