Summary
This host has Xvid installed, and is prone to Buffer Overflow vulnerability.
Impact
Remote attackers may exploit this issue to cause multiple heap based buffer overflow, execute arbitrary code and may cause denial of service.
Impact Level: System/Application
Solution
Upgrade to Xvid 1.2.2 or later
http://www.xvid.org/
Insight
- Inadequate sanitation of user supplied data in 'decoder_iframe', 'decoder_pframe' and 'decoder_bframe' fuctions in xvidcore/src/decoder.c and can be exploited by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file.
- A boundary error in 'decoder_create' function n xvidcore/src/decoder.c can be exploited via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file
Affected
Xvid before 1.2.2 on Windows.
References
Severity
Classification
-
CVE CVE-2009-0893, CVE-2009-0894 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
- Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
- CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
- BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)