CERT-In Vulnerability Note CIVN-2008-80
Microsoft DirectX MJPEG Decoder and SAMI Format parsing vulnerabilities

Original Issue Date: June 12, 2008

Severity Rating: High

System Affected

  • DirectX 7.0
  • DirectX 8.1
  • DirectX 9.0
  • DirectX 10.0

Overview

Two vulnerabilities have been reported in Microsoft DirectX that an attacker could exploit to take complete control of the system and to disclose information.

Description

1. MJPEG Decoder Vulnerability (CVE-2008-0011)

An MJPEG file is a media file in which a number of JPEG images are joined together to create a video stream. The MJPEG video stream can then be inserted into an AVI file or a file in another common video format.

Audio Video Interleave (AVI) and Advanced Systems Format (ASF) files are two types of multimedia files commonly used by Windows Media Player.

The vulnerability is caused by the way Windows performs error checking on MJPEG video streams embedded in ASF or AVI media files.

An attacker could exploit this vulnerability by sending a media file with a specially crafted MJPEG file embedded in it. An attacker could host a website that contains specially crafted content, or could send the file as an email attachment and then persuade a user to open it. Opening such a file corrupts system memory, allowing execution of arbitrary code.
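For triage on systems that are not yet patched, the following added example (not code from CERT-In or Microsoft) walks the RIFF header of an AVI file and reports whether it declares an MJPEG video stream, so such files can be held back at a mail or web gateway. The function names and the FourCC list are assumptions made for illustration; it covers the AVI container only, not ASF, and it reports the presence of an MJPEG stream, not whether the stream is malformed.

```python
import struct

# Video FourCCs commonly used for Motion JPEG (assumed list, not exhaustive).
MJPEG_FOURCCS = {b"mjpg", b"mjpa", b"mjpb", b"jpeg"}

def _chunks(buf, start, end):
    """Yield (fourcc, data_start, data_end) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        data_end = pos + 8 + size
        if data_end > end:  # never trust a declared size that overruns its parent
            raise ValueError("chunk %r at offset %d overruns its container" % (fourcc, pos))
        yield fourcc, pos + 8, data_end
        pos = data_end + (size & 1)  # chunk data is padded to an even length

def avi_video_codecs(buf):
    """Return the lower-cased codec FourCCs declared for video streams in an AVI."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"AVI ":
        raise ValueError("not a RIFF/AVI file")
    end = min(len(buf), 8 + struct.unpack_from("<I", buf, 4)[0])
    codecs = set()
    def walk(start, stop, depth):
        if depth > 4:
            raise ValueError("LIST nesting too deep")
        is_video = False
        for fourcc, ds, de in _chunks(buf, start, stop):
            if fourcc == b"LIST" and buf[ds:ds + 4] in (b"hdrl", b"strl"):
                walk(ds + 4, de, depth + 1)
            elif fourcc == b"strh" and de - ds >= 8:
                is_video = buf[ds:ds + 4] == b"vids"
                if is_video:
                    codecs.add(buf[ds + 4:ds + 8].lower())  # AVISTREAMHEADER.fccHandler
            elif fourcc == b"strf" and is_video and de - ds >= 20:
                codecs.add(buf[ds + 16:ds + 20].lower())  # BITMAPINFOHEADER.biCompression
    walk(12, end, 0)
    return codecs

def has_mjpeg_stream(buf):
    return bool(avi_video_codecs(buf) & MJPEG_FOURCCS)

def _c(fourcc, data):  # build one chunk (used only for the constructed sample)
    return fourcc + struct.pack("<I", len(data)) + data + b"\0" * (len(data) & 1)

# Constructed sample: header-only AVI declaring one MJPG video stream.
_strf = struct.pack("<IiiHH4s", 40, 320, 240, 1, 24, b"MJPG") + b"\0" * 20
_strl = b"strl" + _c(b"strh", b"vidsMJPG" + b"\0" * 48) + _c(b"strf", _strf)
_body = b"AVI " + _c(b"LIST", b"hdrl" + _c(b"avih", b"\0" * 56) + _c(b"LIST", _strl))
SAMPLE_AVI = b"RIFF" + struct.pack("<I", len(_body)) + _body
```

A `ValueError` from a file that claims to be AVI means its chunk sizes are inconsistent, which is itself a reason to quarantine the file rather than pass it to a player.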

2. SAMI Format Parsing Vulnerability (CVE-2008-1444)

Microsoft Synchronized Accessible Media Interchange (SAMI) is a media format that allows a content developer to include captions with digital media files. SAMI was designed and developed to caption the digital media widely available in PC systems.

The vulnerability is caused by insufficient parsing of parameters in Synchronized Accessible Media Interchange (SAMI) file types.

Successful exploitation allows an attacker to take complete control of the system.

An attacker could exploit this vulnerability by creating a specially crafted SAMI file. An attacker could host a website that contains specially crafted content, or could send the file as an email attachment and then persuade a user to open it. Opening such a file corrupts system memory, allowing execution of arbitrary code.

Workarounds

  • Modify the Access Control List for quartz.dll
  • Unregister quartz.dll

Solution

Apply the appropriate patches as described in Microsoft Security Bulletin MS08-033.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx

References

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx

IBM ISS
http://www.iss.net/threats/295.html
http://www.iss.net/threats/294.html

Secunia
http://secunia.com/advisories/30579/

CVE Name
CVE-2008-0011
CVE-2008-1444

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003