CERT-In Vulnerability Note CIVN-2009-49
Remote Code Execution Vulnerability in Microsoft DirectShow
Original Issue Date: April 15, 2009
Severity Rating: High
System Affected
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 3
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Component Affected
- DirectX 8.1
- DirectX 9.0
- DirectX 9.0a
- DirectX 9.0b
- DirectX 9.0c
Overview
A vulnerability has been reported in Microsoft DirectShow which could allow a remote attacker to execute arbitrary code on affected systems and take complete control of them.
Description
Remote Code Execution Vulnerability (CVE-2009-0084)
A remote code execution vulnerability exists in Microsoft DirectShow which could allow an unauthenticated remote attacker to execute arbitrary code. The vulnerability is caused by an unspecified error while processing a specially crafted compressed MJPEG media file. A remote attacker could exploit this vulnerability by enticing users to open a specially crafted MJPEG file. The crafted file triggers the unspecified flaw in DirectShow and causes memory corruption, which the attacker could leverage to execute arbitrary code on the affected system with the privileges of the currently logged-in user.
Workarounds
- Disable the decoding of MJPEG content in Quartz.dll
- Unregister quartz.dll
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS09-011
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/ms09-011.mspx
References
CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=18009
VUPEN Security
http://www.vupen.com/english/advisories/2009/1025
SecurityTracker
http://www.securitytracker.com/alerts/2009/Apr/1022040.html
SecurityFocus
http://www.securityfocus.com/bid/34460
IBM ISS
http://www.iss.net/threats/324.html
CVE Name
CVE-2009-0084
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
