CVE-2009-4309

critical

Microsoft

CVSS v3 Base Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

30.6%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: December 13, 2009 (5996 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.

CWE

CWE-119

Affected Products

microsoft windows media playermicrosoft windows 2000microsoft windows 2003 servermicrosoft windows xp

References

🔗 secunia.com 🔗 securitytracker.com 🔗 support.microsoft.com 🔗 support.microsoft.com 🔗 support.microsoft.com

CVE-2009-4309

Vulnerability Report

Description

CWE

Affected Products

References