CVE-2009-4309

CVE Database · CVE-2009-4309

CVE-2009-4309

· N/AModified

CVSS v3.1

N/A

EPSS

24.11%

Published

Dec 12, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

Weaknesses (CWE)

CWE-119

Affected Products (8)

microsoft · windows_media_playervulnerable

microsoft · windows_2000vulnerable

microsoft · windows_2003_servervulnerable

microsoft · windows_xpvulnerable

References (20)

http://secunia.com/advisories/37592

Vendor Advisory

http://securitytracker.com/id?1023302

Patch