Executive Summary
Summary | |
---|---|
Title | Microsoft Indeo video codecs contain multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#228561 | First vendor Publication | 2009-12-14 |
Vendor | VU-CERT | Last vendor Modification | 2010-04-16 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#228561Microsoft Indeo video codecs contain multiple vulnerabilitiesOverviewThe Indeo video codecs that are provided by Microsoft Windows contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionIndeo is a video codec that was developed by Intel and Microsoft. Multiple versions of the Indeo video codec are included with several versions of Windows, including Windows 2000, XP, and Server 2003. Each of the Indeo codecs that are provided with Microsoft Windows contains multiple vulnerabilities that can result in memory corruption. The vulnerable video codecs can be reached through a variety of APIs, including Video for Windows (VfW) or the more recent DirectShow API. Any application that uses these APIs may be vulnerable. For example, Windows Media Player, Internet Explorer, and Windows Explorer can be used as attack vectors.II. ImpactBy convincing a user to process specially-crafted Indeo video content, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. This can occur by viewing a web page with Internet Explorer, opening a media file with Windows Media Player, or simply by selecting a media file in Windows Explorer.III. SolutionApply an update
References
This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/228561 |