8.5

CVE-2009-1546

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2003 Server Versionsp2 Editionitanium
MicrosoftWindows 2003 Server Versionsp2 Editionx64
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Server 2008 Updatesp2 Editionx64
MicrosoftWindows Server 2008 Version- Update- Editionx32
MicrosoftWindows Server 2008 Version- Update- Editionx64
MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
MicrosoftWindows Server 2008 Version- Updatesp2 Editionx86
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Updatesp2
MicrosoftWindows Vista Version- Update- Editionx64
MicrosoftWindows Xp Updatesp2 Editionx64
MicrosoftWindows Xp Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.46% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
US Government Resource
http://secunia.com/advisories/36206
Vendor Advisory
http://www.securitytracker.com/id?1022711
http://www.vupen.com/english/advisories/2009/2233
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-038
http://osvdb.org/56909
http://www.securityfocus.com/bid/35970
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5930