SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Microsoft DirectX Vendors:   Microsoft
Microsoft DirectShow Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022514
SecurityTracker URL:  http://securitytracker.com/id/1022514
CVE Reference:   CVE-2008-0015   (Links to External Site)
Updated:  Aug 18 2009
Original Entry Date:  Jul 6 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Microsoft DirectShow. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the Microsoft Video ActiveX control and trigger a buffer overflow in 'msvidctl.dll' to execute arbitrary code on the target system. The code will run with the privileges of the target user.

The CSLID of the affected control is: 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF

This vulnerability is being actively exploited.

Exploit code is publicly available.

Windows Vista, Windows Server 2008, and Windows 2000 SP4 are not affected.

The vendor was notified in Spring [northern hemisphere] 2008 by Ryan Smith and Alex Wheeler with IBM ISS X-Force.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes as part of a cumulative update:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=89d941f0-3f71-46e3-8096-716561396b72

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=24701af8-b87e-4e85-9463-f50755a1b6ad

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2cbf3699-7f79-4006-99e9-0a4c0d394c48

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=b0a458d6-c34c-41c7-964a-c130cfcb0d01

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8b7a7bb0-80ef-4f25-bc70-3d0ac06007c5

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=7be36edf-02af-402f-983a-f9ca8128b6b5

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6c90240e-c201-4dad-9835-ea71e3527b45

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=d2084e8d-212b-4c39-9163-a71ec6d1b1c7

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*:

http://www.microsoft.com/downloads/details.aspx?familyid=0194f994-5821-4fb9-b9e1-ed6af248c995

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*:

http://www.microsoft.com/downloads/details.aspx?familyid=4127b125-fdaa-489a-a80c-14b5647ac7e0

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4082c776-318c-4e0c-83fc-2f3f472c039a

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx

On August 11, 2009, Microsoft issued a fix (MS09-037) for the underlying Active Template Library vulnerability, described in the vendor's advisory at:

http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-032.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (2003), Windows (XP)
Underlying OS Comments:  2003 SP2, XP SP3; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC