Multiple Remote Code Execution Vulnerabilities in Microsoft Windows Media Player Indeo Codec
Original Issue Date: December 21, 2009
Severity Rating: Medium
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Windows Media Player
Multiple vulnerabilities have been reported in Microsoft Windows Media Player Indeo Codec which could allow remote attacker to execute arbitrary code on the affected system.
The Microsoft media player Indeo Codec is used to decompresses digital media files for use in applications like Windows Media Player and Internet Explorer.
Multiple vulnerabilities exist in Microsoft Windows Media Player Indeo Codec, which could allow remote code execution. These vulnerabilities are caused due to memory corruption and buffer overflow errors in Indeo41 codec when processing media content files. A remote attacker could exploit these vulnerabilities by enticing users to open or visit malicious website containing specially crafted malformed media content files, which could trigger memory corruption condition and allows remote code execution or cause application crash on affected systems.
- Unregister the Indeo codec
- Keep windows updated
- Do not open media files received from untrusted and unknown sources
- Do not open unexpected mails and media file attachments received from trusted sources
- Do not visit untrusted websites or click URLs provided in emails.
- Exercise caution while opening media files received through email attachments
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003