Microsoft Indeo Codec Memory Corruption Vulnerability
10 Dec. 2009
Summary
The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code to run on users' systems when opening specially crafted content.
Vulnerable Systems:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 2 and 3
* Microsoft Windows Server 2003 Service Pack 2
* Windows Server 2003 with SP2 for Itanium-based Systems
Immune Systems:
* Windows Vista
* Windows Vista x64 Edition
* Windows Server 2008 for 32-bit Systems
* Windows Server 2008 for x64-based Systems
* Windows 7
* Windows Server 2008 R2
The update blocks the Indeo codec from being launched in Internet Explorer or Windows Media Player. The update also removes the ability for this codec to be loaded when browsing the Internet with any other applications. By only allowing applications to use the Indeo codec when the media content is from the local system or from the intranet zone, and by preventing Internet Explorer and Windows Media Player from launching the codec at all, this update removes the most common remote attack vectors but still allows games or other applications that leverage the codec locally to continue to function.
The update is available through automatic updating and from the Microsoft Download Center. Customers who have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 954157: http://support.microsoft.com/kb/954157
The Indeo codec may be used and may be required by certain applications in multiple ways. The Indeo codec may be required when visiting legitimate Web sites, and by line-of-business applications in corporate environments. This is likely to be a more common scenario for customers running older operating systems. Therefore, this update is being offered to customers on older operating systems automatically, but will still allow the codec to function in line-of-business application scenarios. On the other hand, customers who do not have a use for the codec may choose to take an additional step and deregister the codec completely. Deregistering the codec would remove all attack vectors that leverage the Indeo codec. See Microsoft Knowledge Base Article 954157 for directions on how to deregister the codec.