Alias(es): MS.DirectX.DirectShow.Buffer.Overflow.C, MS.DirectX.DirectShow.Buffer.Overflow.B, MS.DirectX.DirectShow.Buffer.Overflow.A
Release Date: Aug 10, 2005
Severity: low
Impact: Full compromise of the affected system.
Description: This indicates a possible exploit of a heap-based buffer overflow vulnerability in Quartz.dll, which is used by Microsoft DirectShow. There are two heap overflows in Quartz.dll, which handles MIDI file playback for Windows applications such as Microsoft DirectShow and Internet Explorer. An attacker could craft a MIDI file that results in the execution of arbitrary code when the file is played.
Affected Products: Microsoft DirectX 5.0 - 9.0a.
Recommended Actions: Apply the security patch to the system as given in Microsoft bulletin MS03-030.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2003-0346
References:
http://www.securityfocus.com/bid/8262 (BugTraq)
http://technet.microsoft.com/en-us/security/bulletin/MS03-030.mspx (MS-ID)