This host is installed with Microsoft Windows Indeo codec and prone to multiple vulnerabilities.
Successful exploitation will let the remote attackers compromise a vulnerable system. Impact Level: System
For further updates refer, http://www.microsoft.com/technet/security/advisory/954157.mspx Workaround: Apply workaround, http://support.microsoft.com/kb/954157
The multiple flaws are due to: - An error in the Indeo41 codec when processing a specific size within the 'movi' record of a IV41 stream can be exploited to cause a heap-based buffer overflow. - An error in the Indeo41 codec when decompressing a video stream can be exploited to cause a stack-based buffer overflow. - An unspecified error in the Indeo codec can be exploited to corrupt memory. - An error in the Indeo32 codec when decoding a IV32 stream can be exploited to cause memory corruption. - Other vulnerabilities also exist and are caused due to unspecified errors in the Indeo codec and can be exploited to corrupt memory by tricking a user into viewing specially crafted media content.
Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2K3 Service Pack 2 and prior.
CVE CVE-2009-4210, CVE-2009-4309, CVE-2009-4310, CVE-2009-4311, CVE-2009-4312, CVE-2009-4313
CVSS Base Score: 9.3
- Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
- Adobe Flash Player Remote Code Execution Vulnerability (WinXP)
- SecureCRT SSH1 protocol version string overflow
- Microsoft Windows Address Book Insecure Library Loading Vulnerability
- Cisco VPN Client Privilege Escalation Vulnerability