CVE-2009-4311

Description

Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.

References

Link	Tags
http://support.microsoft.com/kb/955759	patch vendor advisory
http://securitytracker.com/id?1023302	vdb entry
http://www.securityfocus.com/bid/37251	vdb entry
http://www.microsoft.com/technet/security/advisory/954157.mspx	patch vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11975	vdb entry signature
http://support.microsoft.com/kb/976138	patch vendor advisory
http://www.vupen.com/english/advisories/2009/3440	vdb entry vendor advisory
http://support.microsoft.com/kb/954157	patch vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54645	vdb entry
http://secunia.com/advisories/37592	third party advisory vendor advisory

Frequently Asked Questions

What is the severity of CVE-2009-4311?: CVE-2009-4311 has been scored as a critical severity vulnerability.
How to fix CVE-2009-4311?: To fix CVE-2009-4311, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2009-4311 being actively exploited in the wild?: It is possible that CVE-2009-4311 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~20% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-94 – Improper Control of Generation of Code ('Code Injection')

References

Frequently Asked Questions