NVD Vulnerability Detail

CVE-2009-4310

Summary	Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
Publication Date	Dec. 13, 2009, 10:30 a.m.
Registration Date	Jan. 29, 2021, 1:26 p.m.
Last Update	Oct. 11, 2018, 4:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_xp::sp3::::::*
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
cpe:2.3:a:windows:media_player::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/37592	SECUNIA	Vendor Advisory
2	http://securitytracker.com/id?1023302	SECTRACK	Patch
3	http://support.microsoft.com/kb/954157	MSKB	Patch Vendor Advisory
4	http://support.microsoft.com/kb/955759	MSKB	Patch Vendor Advisory
5	http://support.microsoft.com/kb/976138	MSKB	Patch Vendor Advisory
6	http://www.microsoft.com/technet/security/advisory/954157.mspx	CONFIRM	Patch Vendor Advisory
7	http://www.osvdb.org/60856	OSVDB
8	http://www.securityfocus.com/archive/1/508335/100/0/threaded	BUGTRAQ
9	http://www.securityfocus.com/bid/37251	BID
10	http://www.vupen.com/english/advisories/2009/3440	VUPEN	Vendor Advisory
11	http://zerodayinitiative.com/advisories/ZDI-09-090/	MISC
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/54643	XF
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/54645	XF
14	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Indeo コーデックに複数の脆弱性

Title	Indeo コーデックに複数の脆弱性
Summary	Microsoft Windows に含まれている Indeo コーデックには、複数の脆弱性が存在します。 Microsoft Windows 2000、XP、Server 2003 に含まれている Indeo コーデックには、複数の脆弱性が存在します。 Windows Media Player、Internet Explorer や Windows Explorer など Indeo コーデックを使用するアプリケーションにおいてメモリ破損が起きる可能性があります。
Possible impacts	細工されたビデオコンテンツを閲覧することで、遠隔の第三者によって任意のコードを実行される可能性があります。
Solution	[アップデートする] Microsoft が提供する情報をもとにアップデートを行ってください。
Publication Date	Dec. 15, 2009, midnight
Registration Date	Jan. 25, 2010, 11:52 a.m.
Last Update	Jan. 25, 2010, 11:52 a.m.

Affected System

マイクロソフト

Microsoft Windows 2000

Microsoft Windows Server 2003

Microsoft Windows Server 2003 (itanium)

Microsoft Windows Server 2003 (x64)

Microsoft Windows XP (x64)

Microsoft Windows XP sp3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-4310	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4310
National Vulnerability Database (NVD)
2	CVE-2009-4310	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4310

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Microsoft Security Advisory
1	954157	http://www.microsoft.com/technet/security/advisory/954157.mspx
Microsoft サポート
2	954157	http://support.microsoft.com/kb/954157
3	976138	http://support.microsoft.com/kb/976138
マイクロソフトセキュリティアドバイザリ
4	954157	http://www.microsoft.com/japan/technet/security/advisory/954157.mspx

その他

No	Name	URL
ISS X-Force Database
1	54643	http://xforce.iss.net/xforce/xfdb/54643
JVN
2	JVNVU#228561	http://jvn.jp/cert/JVNVU228561/
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
3	60856	http://www.osvdb.org/60856
Secunia Advisory
4	SA37592	http://secunia.com/advisories/37592
SecurityTracker
5	1023302	http://securitytracker.com/id?1023302
US-CERT Vulnerability Note
6	VU#228561	http://www.kb.cert.org/vuls/id/228561
VUPEN Security
7	VUPEN/ADV-2009-3440	http://www.vupen.com/english/advisories/2009/3440

Change Log

No	Changed Details	Date of change
0	[2010年01月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
cpe:2.3:o:microsoft:windows_xp::sp3::::::*
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
cpe:2.3:a:windows:media_player::::::::