CVE-2009-1546

CWE-1893 documents3 sources

Severity

8.5HIGH

EPSS

66.3%

top 1.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedAug 12

Latest updateMay 2

Description

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serversp2

Patches

Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hxw4-2574-h442: Integer overflow in Avifil32↗2022-05-02

▶

CVEList

CVE-2009-1546: Integer overflow in Avifil32↗2009-08-12

▶