56909 : Microsoft Windows AVI Media File Parsing Unspecified Overflow
Printer | http://osvdb.org/56909 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
3	2348	over 2 years ago	about 1 year ago	6 times	25%

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Timeline

Disclosure Date	Vendor Solution Date
2009-08-11	2009-08-11

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1546" target="_blank">CVE</a>)</em> : Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Products

Unknown or Incomplete

References

CVE ID: 2009-1546 (see also: NVD)
Secunia Advisory ID: 36206
SCIP VulDB ID: 4010
Related OSVDB ID: 56908
Microsoft Knowledge Base Article: 971557
News Article: http://www.eweek.com/c/a/Security/Microsoft-to-Fix-Windows-Office-Bugs-in-Critical-Updates-641093/
Microsoft Security Bulletin: MS09-038

Tools & Filters

	40557

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 8.5
Source: nvd.nist.gov | Generated: 2009-08-12 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2009/08/11 20:04:00 | August 2009 Bulletin Release

from: Security Garden

Microsoft released the new security bulletins listed below to resolve critical problem vulnerabilities. In addition to the new bulletins, Microsoft has released one new security advisory, one updated security advisory and two revised security bulletins. Updated Security Advisory : Microsoft updated Security Advisory 973882 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution.

2009/08/17 19:00:47 | US-CERT Releases Weekly Vulnerability Summary

from: Infosecurity.US

US-CERT has released it’s Weekly Vulnerability Summary this time, for the week of August 10, 2009 . The bulletin reports new vulnerabilities (some serious, some not so), from the National Institute of Standards and Technology ( NIST ) National Vulnerability Database ( NVD ); of special interest in this weeks’ lengthy bulletin, is the latest Apple Inc . (NasdaqGS: AAPL ) Safari flaw ( CVE-2009-2195 ).

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.