Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability note CVE-2009-4210 CVE-2009-4310 CVE-2009-4311
Windows: vulnerabilities of the Indeo codec

Synthesis of the vulnerability
An attacker can invite the victim to play malicious multimedia documents, in order to execute code in his computer.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 09/12/2009.

Impacted products

Description of the vulnerability
The Indeo codec is installed by default on Windows, in order to decode AVI videos encoded in IV41.

However, several vulnerabilities of this codec generate memory corruptions, leading to code execution.

An attacker can therefore invite the victim to play malicious multimedia documents, in order to execute code in his computer.

Characteristics
Title: Windows: vulnerabilities of the Indeo codec
Identifiers: 954157, CVE-2009-4210, CVE-2009-4310, CVE-2009-4311, CVE-2009-4312, CVE-2009-4313, VIGILANCE-VUL-9249, VU#228561, ZDI-09-089, ZDI-09-090.
Url: https://vigilance.fr/tree/1/9249

Information sources
Publications and announces
Source example: Microsoft Security Advisory (954157) - Security Enhancements for the Indeo Codec

Solutions for this vulnerability
Patch or workaround



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française