VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 13, 2009· Updated Apr 23, 2026

CVE-2009-4309

CVE-2009-4309

Description

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

Affected products

8
  • Microsoft/Windows Media Player
    cpe:2.3:a:microsoft:windows_media_player:*:*:*:*:*:*:*:*
  • Microsoft/Windows 2000
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • Microsoft/Windows 2003 Server3 versions
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • Microsoft/Windows Xp3 versions
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.