This host is installed with Microsoft Windows Indeo codec and prone to multiple vulnerabilities.

Successful exploitation will let the remote attackers compromise a vulnerable system. Impact Level: System

For further updates refer, http://www.microsoft.com/technet/security/advisory/954157.mspx Workaround: Apply workaround, http://support.microsoft.com/kb/954157

The multiple flaws are due to: - An error in the Indeo41 codec when processing a specific size within the 'movi' record of a IV41 stream can be exploited to cause a heap-based buffer overflow. - An error in the Indeo41 codec when decompressing a video stream can be exploited to cause a stack-based buffer overflow. - An unspecified error in the Indeo codec can be exploited to corrupt memory. - An error in the Indeo32 codec when decoding a IV32 stream can be exploited to cause memory corruption. - Other vulnerabilities also exist and are caused due to unspecified errors in the Indeo codec and can be exploited to corrupt memory by tricking a user into viewing specially crafted media content.

Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2K3 Service Pack 2 and prior.

• http://secunia.com/advisories/37592
• http://support.microsoft.com/kb/955759
• http://support.microsoft.com/kb/976138
• http://www.microsoft.com/technet/security/advisory/954157.mspx

---

Updated on 2015-03-25