Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
Vector
NETWORK
Complexity
MEDIUM
Authentication
SINGLE_INSTANCE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Microsoft Windows xp - Sp3 (not an official CPE)
Microsoft Windows xp - Sp2 (not an official CPE)
Microsoft Windows vista - - X64 (not an official CPE)
Microsoft Windows xp Sp2 X64 (not an official CPE)
Microsoft Windows Vista Service Pack 2 x64 (64-bit)
Microsoft Windows server 2008 - Sp2 X86 (not an official CPE)
Microsoft Windows Vista Service Pack 1 x64 (64-bit)
Microsoft Windows server 2008 - - X64 (not an official CPE)
Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems
Microsoft Windows server 2008 - - X32 (not an official CPE)
Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
Microsoft Windows 2003 server Sp2 X64 (not an official CPE)
Microsoft Windows Server 2008 Itanium
Microsoft Windows 2003 server Sp2 Itanium (not an official CPE)
Microsoft Windows 2003 server Sp2 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| ADV-2009-2233 | |||
| MS09-038 | |||
| 35970 | |||
| 1022711 | |||
| TA09-223A |