| Name | MS.DirectX.MJPEG.Stream.Handling.Code.Execution |
| Last Updated Date | Nov 19, 2009 |
| Release Date | Jul 29, 2008 |
| Severity | Critical |
| Impact | System Compromise |
| Description | This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft DirectX.
The vulnerability is caused by an error when the vulnerable software handles crafted MJPEG streams. It allows a remote attacker to execute arbitrary code by sending a crafted AVI file. |
| Affected Products | Microsoft DirectX 9.0b
Microsoft DirectX 9.0 c
Microsoft DirectX 9.0 a
Microsoft DirectX 9.0
Microsoft DirectX 8.1 b
Microsoft DirectX 8.1 a
Microsoft DirectX 8.1
Microsoft DirectX 10.0 |
| Recommended Actions | Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0011
|
| Microsoft Bulletin ID | MS08-033 http://www.microsoft.com/technet/security/Bulletin/ms08-033.mspx |
| Reference/s | http://www.securityfocus.com/bid/29581 (BugTraq)
http://www.vupen.com/english/advisories/2008/1780 (FrSIRT)
|