Unrated severityNVD Advisory· Published Dec 13, 2009· Updated Jun 16, 2026
CVE-2009-4309
CVE-2009-4309
Description
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- cpe:2.3:a:microsoft:windows_media_player:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
14- securitytracker.com/idnvdPatch
- support.microsoft.com/kb/954157nvdPatchVendor Advisory
- support.microsoft.com/kb/955759nvdPatchVendor Advisory
- support.microsoft.com/kb/976138nvdPatchVendor Advisory
- www.microsoft.com/technet/security/advisory/954157.mspxnvdPatchVendor Advisory
- secunia.com/advisories/37592nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3440nvdVendor Advisory
- www.osvdb.org/60855nvd
- www.securityfocus.com/archive/1/508324/100/0/threadednvd
- www.securityfocus.com/bid/37251nvd
- zerodayinitiative.com/advisories/ZDI-09-089/nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54642nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54645nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12188nvd
News mentions
0No linked articles in our index yet.