CVE-2009-0894
CVSS V2 High 10
CVSS V3 None
Description
Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.
Overview
- CVE ID
- CVE-2009-0894
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2009-06-02T18:30:00
- Last Modified Date
- 2018-08-13T21:47:32
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:xvid:xvid:*:*:*:*:*:*:*:* | 1 | OR | 1.2.1 | |
| cpe:2.3:a:xvid:xvid:1.1.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:xvid:xvid:1.1.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:xvid:xvid:1.1.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:xvid:xvid:1.1.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:xvid:xvid:1.2.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 10
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 10
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2009-0894 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0894 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:39:32 | Added to TrackCVE |