Release DateJun 08, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a NULL-byte-overwrite vulnerability in Microsoft DirectShow.The vulnerability is caused by an error that occurs when the affected software handles specially crafted QuickTime files. Successful exploitation may lead to remote code execution. |
Affected ProductsDirectX 7.0 on Microsoft Windows 2000 Service Pack 4DirectX 8.1 on Microsoft Windows 2000 Service Pack 4 DirectX 9.0* on Microsoft Windows 2000 Service Pack 4 DirectX 9.0* on Windows XP Service Pack 2 and Windows XP Service Pack 3 DirectX 9.0* on Windows XP Professional x64 Edition Service Pack 2 DirectX 9.0* on Windows Server 2003 Service Pack 2 DirectX 9.0* on Windows Server 2003 x64 Edition Service Pack 2 DirectX 9.0* on Windows Server 2003 with SP2 for Itanium-based Systems |
Recommended ActionsSee the Microsoft Security Advisory for this issue:http://www.microsoft.com/technet/security/advisory/971778.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-1537 |
Reference/shttp://www.securityfocus.com/bid/35139 (BugTraq)http://technet.microsoft.com/en-us/security/bulletin/MS09-028.mspx (MS-ID) |
