vulnerable installations of Microsoft Windows Media Player. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.
The specific flaw exists within the Intel Indeo41 codec which is
accessed by various applications through the Video Compression Manager.
This codec is registered to handle IV41 streams within a container such
as the AVI format. While decompressing a video stream, malicious data can
cause a loop to execute excessively and consequently corrupt the
application's stack. By providing specific values, this can lead to an
exploitable condition which can be leveraged by attackers to execute

vulnerable installations of Microsoft Windows Media Player. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.
The specific flaw exists within the Intel Indeo41 codec which is
accessed by various applications through the Video Compression Manager.
This codec is registered to handle IV41 streams within a container such
as the AVI format. Due to the lack of bounds checking on a specified
size within the 'movi' record, a heap overflow can occur. If successfully
exploited, this vulnerability can allow attackers to execute arbitrary
code under the context of the user accessing the file.
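
Added example, not code from the advisory, the codec or its vendor: a bounds-checked walk over the sub-chunks of a 'movi' list, showing the two checks a file-supplied size needs before it drives a copy. The advisory does not say which size field is affected; the RIFF sub-chunk size field is used here as an illustrative case, and the function name, error codes and sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { MOVI_TRUNCATED = -1, MOVI_SIZE_PAST_INPUT = -2, MOVI_SIZE_PAST_DEST = -3 };

/* Constructed samples: payload of a 'movi' LIST (the bytes after the fourcc). */
static const uint8_t sample_ok[] = {
    '0','0','d','c', 4,0,0,0, 1,2,3,4,         /* 4-byte chunk */
    '0','0','d','c', 3,0,0,0, 5,6,7, 0 };      /* 3-byte chunk + pad byte */
static const uint8_t sample_bad[] = {
    '0','0','d','c', 0xff,0xff,0,0, 1,2,3,4 }; /* declares 65535, holds 4 */

/* RIFF/AVI stores chunk sizes as little-endian 32-bit values. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Each sub-chunk is fourcc[4], size[4], data[size], padded to even length.
 * Copies every chunk into frame (hypothetical decoder buffer) only after the
 * declared size is checked against the input left AND the destination.
 * Returns the number of chunks copied, or a negative MOVI_* code. */
int movi_copy_frames(const uint8_t *movi, size_t len,
                     uint8_t *frame, size_t frame_cap) {
    size_t off = 0;
    int frames = 0;
    while (off < len) {
        if (len - off < 8) return MOVI_TRUNCATED;         /* no room for header */
        uint32_t size = rd_le32(movi + off + 4);
        off += 8;
        /* Compare against the remainder; off + size could wrap. */
        if (size > len - off) return MOVI_SIZE_PAST_INPUT;
        if (size > frame_cap) return MOVI_SIZE_PAST_DEST; /* heap buffer too small */
        memcpy(frame, movi + off, size);
        frames++;
        off += size;
        if ((size & 1) && off < len) off++;               /* skip pad byte */
    }
    return frames;
}

int main(void) {
    uint8_t frame[16];
    printf("ok: %d\n", movi_copy_frames(sample_ok, sizeof sample_ok, frame, sizeof frame));
    printf("bad size: %d\n", movi_copy_frames(sample_bad, sizeof sample_bad, frame, sizeof frame));
    printf("small dest: %d\n", movi_copy_frames(sample_ok, sizeof sample_ok, frame, 2));
    return 0;
}
```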