Unrated severityNVD Advisory· Published Dec 13, 2009· Updated Apr 23, 2026

CVE-2009-4311

Description

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.

Affected products

Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft/Windows 2003 Server3 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
Microsoft/Windows Xp3 versions
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.microsoft.com/kb/954157nvdPatchVendor Advisory
support.microsoft.com/kb/955759nvdPatchVendor Advisory
support.microsoft.com/kb/976138nvdPatchVendor Advisory
www.microsoft.com/technet/security/advisory/954157.mspxnvdPatchVendor Advisory
secunia.com/advisories/37592nvdVendor Advisory
www.vupen.com/english/advisories/2009/3440nvdVendor Advisory
securitytracker.com/idnvd
www.securityfocus.com/bid/37251nvd
exchange.xforce.ibmcloud.com/vulnerabilities/54645nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11975nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.020
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000