
Indeo Video

iDefense Security Advisory 12.08.09: Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Dec 08, 2009

I. BACKGROUND

Indeo Video is a video codec developed by Intel and included in
Microsoft Windows. For more information about the Indeo codec, please
visit the following website:
http://ligos.com/index.php/home/products/indeo/

II. DESCRIPTION

Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec

Fortinet Discovers Vulnerability in Indeo Codec
2009.December.08

Summary:

Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in Indeo Codec.

Impact:

Remote Code Execution. 

Critical Vulnerability in Apple Quicktime’s Indeo Codec

http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/

Paul Byrne of NGSSoftware has discovered a critical vulnerability in
Apple Quicktime's implementation of the Indeo Codec (CVE-ID:
CVE-2008-3615) which may allow an attacker to execute arbitrary code on
a user’s system via playing a malformed movie file in Quicktime
containing video encoded in the Indeo Codec. It is also possible for this
to be executed through the Quicktime Internet Explorer Active X control. It is
in the Quicktime library for Indeo in the file "ir50_32.qtx" which was
previously distributed through Apple's website but written by a third

ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-08-037
June 10, 2008

-- CVE ID:
CVE-2008-1584

-- Affected Vendors:
Apple


ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability

vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.

The specific flaw exists within the parsing of QuickTime files that
utilize the Indeo video codec. A lack of proper bounds checking within
QuickTimeInternetExtras.qtx can result in a stack based buffer overflow
leading to arbitrary code execution under the context of the currently
logged in user.

-- Vendor Response:

ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-090
December 8, 2009

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3

ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-09-089
December 8, 2009

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3


