Executive Summary
Summary | |
---|---|
Title | Security Enhancements for the Indeo Codec |
Informations | |||
---|---|---|---|
Name | KB954157 | First vendor Publication | 2009-12-08 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code remote code execution when opening specially crafted media content. The update blocks the Indeo codec from being launched in Internet Explorer or Windows Media player. The update also removes the ability for this codec to be loaded when browsing the Internet with any other applications. By only allowing applications to use the Indeo codec when the media content is from the local system or from the intranet zone, and by preventing Internet Explorer and Windows Media Player from launching the codec at all, this update removes the most common remote attack vectors but still allows games or other applications that leverage the codec locally to continue to function. The update is available through automatic updating and from the Microsoft Download Center. Customers who have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 954157. The Indeo codec may be used and may be required by certain applications in multiple ways. The Indeo codec may be required when visiting legitimate Web sites, and in corporate environment line-of-business applications. This is likely to be a more common scenario for customers running older operating systems. Therefore, this update is being offered to customers on older operating systems automatically, but will still allow the codec to function in line-of-business application scenarios. On the other hand, customers who do not have a use for the codec may choose to take an additional step and deregister the codec completely. Deregistering the codec would remove all attack vectors that leverage the Indeo codec. See Microsoft Knowledge Base Article 954157 for directions on how to deregister the codec. We encourage customers running supported editions of Microsoft Windows 2000, Windows XP, and Windows 2003 to review and install this update or to deregister the Indeo codec. By installing this update and deregistering the codec on these older operating systems, customers will have the same mitigations included in Windows Vista and Windows 7. For more information about this issue, see the following references: This advisory discusses the following software. What is the scope of the advisory? What is the Indeo Codec? How could an attacker exploit the vulnerability? It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. Another way that an attacker could exploit this vulnerability is to get specially crafted media content onto a user's system that leverages the Indeo codec. Is there a change in user experience after this update is installed? How do I disable the Indeo codec? How do I re-enable the use of this codec after this update is installed? Why are there two parts to the update associated with this advisory? Why is this update not associated with a Security Bulletin? Why is Microsoft not fixing specific vulnerabilities in this update? Microsoft has not identified any mitigating factors for this vulnerability. Workaround refers to a setting or configuration change that does not correct the underlying vulnerabilities but would help block known attack vectors. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: It is possible to disable this codec by deregistering the codec. For directions on how to deregister the codec, see Microsoft Knowledge Base Article 954157. Impact of workaround. Deregistering the Indeo codec will prevent any application or media content from using this codec. How to undo the workaround. See Microsoft Knowledge Base Article 954157 for information on how to undo this workaround. For more information about this issue, see Microsoft Knowledge Base Article 954157. All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them. For more information about security updates, visit Microsoft Security Central. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/954157.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11573 | |||
Oval ID: | oval:org.mitre.oval:def:11573 | ||
Title: | Unspecified vulnerability in the Indeo (CVE-2009-4312) | ||
Description: | Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4312 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11596 | |||
Oval ID: | oval:org.mitre.oval:def:11596 | ||
Title: | Stack-based buffer overflow in the Intel Indeo41 codec | ||
Description: | Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4310 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11677 | |||
Oval ID: | oval:org.mitre.oval:def:11677 | ||
Title: | Denial of service (memory corruption) in Microsoft Indeo codec | ||
Description: | The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4210 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11975 | |||
Oval ID: | oval:org.mitre.oval:def:11975 | ||
Title: | Unspecified vulnerability in the Indeo (CVE-2009-4311) | ||
Description: | Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4311 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12188 | |||
Oval ID: | oval:org.mitre.oval:def:12188 | ||
Title: | Heap-based buffer overflow in the Intel Indeo41 codec | ||
Description: | Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4309 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12242 | |||
Oval ID: | oval:org.mitre.oval:def:12242 | ||
Title: | Heap corruption in the Intel Indeo41 codec | ||
Description: | ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4313 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Os | 1 | |
Os | 3 | |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-17 | Name : Microsoft Windows Indeo Codec Multiple Vulnerabilities File : nvt/gb_ms_indeo_codec_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61037 | Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution ... |
61036 | Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution ... |
60858 | Microsoft Windows Intel Indeo32 Codec (ir32_32.dll) IV32 FourCC Code Handling... |
60857 | Microsoft Windows Indeo Codec Unspecified Memory Corruption |
60856 | Microsoft Windows Intel Indeo41 Codec IV41 Stream Video Decompression Overflow |
60855 | Microsoft Windows Intel Indeo41 Codec IV41 movi Record Handling Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-12-30 | IAVM : 2009-B-0069 - Multiple Vulnerabilities in Indeo Codec affecting Microsoft Windows Severity : Category II - VMSKEY : V0022163 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-09 | Name : The remote host is missing a security update that mitigates multiple vulnerab... File : smb_kb_955759.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:46 |
|