CVE-2009-0084

CWE-94 — Code Injection4 documents4 sources

Severity

9.3CRITICAL

EPSS

61.6%

top 1.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Directx

Timeline

PublishedApr 15

Latest updateMay 2

Description

Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/directx5 versions+4

🔴Vulnerability Details

GHSA

GHSA-r85w-v686-f8j6: Use-after-free vulnerability in DirectShow in Microsoft DirectX 8↗2022-05-02

▶

CVEList

CVE-2009-0084: Use-after-free vulnerability in DirectShow in Microsoft DirectX 8↗2009-04-15

▶

VulnCheck

Microsoft Windows Improper Control of Generation of Code ('Code Injection')↗2009

▶