We are working on one of issue reported by one of Security Scan tool, which says that our windows server machine is vulnerable in some versions of Intel Indeo Video that could lead to a denial of service attack.
The flaw lies in ir41_32.ax and can be exploit by a remote attacker and could result in a denial of service condition.After further investigation we got to know its effected version '4.51.16.3'.
But as we are using Windows Server 2008 R2 I am not sure this can be exploited or not, because as per
https://technet.microsoft.com/library/security/954157
the problem does NOT exist on Windows Server 2008.
Hi,
As far as I know, ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.
If you are not using the above version of Intel Indeo Video, then systems are not affected.
In addition, it is recommended to keep Windows machines fully patched.
More information for you:
Vulnerability Summary for CVE-2014-3735
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3735
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Hi,
Thanks for reply.
Is it mean that ir41_32.ax 4.51.16.3 can cause trouble in any case if it is available in system irrespective of Windows OS type or version we are using.
Is it mean that ir41_32.ax 4.51.16.3 can cause trouble in any case if it is available in system irrespective of Windows OS type or version we are using.
As the way I see it, yes.
Best Regards,
Amy