CVE-2009-1546

Severity

85%

Complexity

68%

Confidentiality

165%

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."

CVSS 2.0 Base Score 8.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-08-12 17:30:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Microsoft Windows Server 2008 Itanium

Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)

Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems

Windows Server 2008 Service Pack 2 x86

Microsoft Windows Vista Service Pack 1 x64 (64-bit)

Microsoft Windows Vista Service Pack 2 x64 (64-bit)

Microsoft Windows XP Service Pack 2 x64 (64-bit)

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Service Pack 3

References

56909

36206

Vendor Advisory

35970

Patch

1022711

TA09-223A

US Government Resource

ADV-2009-2233

Patch, Vendor Advisory

MS09-038

oval:org.mitre.oval:def:5930

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.