CVE-2009-4310

N/A Unknown
Published: December 13, 2009 Modified: April 23, 2026
View on NVD

Description

Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/37592
Source: cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1023302
Source: cve@mitre.org
Patch
http://support.microsoft.com/kb/954157
Source: cve@mitre.org
Patch Vendor Advisory
http://support.microsoft.com/kb/955759
Source: cve@mitre.org
Patch Vendor Advisory
http://support.microsoft.com/kb/976138
Source: cve@mitre.org
Patch Vendor Advisory
http://www.microsoft.com/technet/security/advisory/954157.mspx
Source: cve@mitre.org
Patch Vendor Advisory
http://www.osvdb.org/60856
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/508335/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/37251
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/3440
Source: cve@mitre.org
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-09-090/
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/54643
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/54645
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596
Source: cve@mitre.org
http://secunia.com/advisories/37592
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1023302
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://support.microsoft.com/kb/954157
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://support.microsoft.com/kb/955759
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://support.microsoft.com/kb/976138
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.microsoft.com/technet/security/advisory/954157.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.osvdb.org/60856
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/508335/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/37251
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/3440
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-09-090/
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/54643
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/54645
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596
Source: af854a3a-2127-422b-91ae-364da2661108

28 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
30.6%
97th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

microsoft windows

Related CVEs

CVE-2026-6786 8.1
CVE-2026-6785 8.1
CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3