HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2009-65
Remote Code Execution Vulnerability in Microsoft DirectShow

Original Issue Date:May 31, 2009

Severity Rating: High

System Affected

  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows XP SP2 and SP3
  • Microsoft Windows 2000 SP4

Component Affected

  • DirectX 9.0c
  • DirectX 9.0b
  • DirectX 9.0a
  • DirectX 9.0
  • DirectX 8.1
  • DirectX 7.0

Overview

A vulnerability has been reported in Microsoft DirectShow which could allow remote attacker to execute arbitrary code on affected systems in the context of the affected user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Description

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker could exploit the vulnerability by crafting a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file or sending it as an attachment in e-mail. Successful exploitation will execute arbitrary code on the target system.

Workarounds

  • Disable the parsing of QuickTime content in quartz.dll
  • Modify the Access Control List (ACL) on quartz.dll
  • For non-multimedia folder types, the Windows shell attack vector can be mitigated by using Windows Classic Folders
  • For Internet Explorer users, apply the Kill-bit WMP
    ActiveX Control
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
    Explorer\ActiveX Compatibility\{6BF52A52-394A-11D3-B153
    -00C04F79FAA6}]"Compatibility Flags"=dword:00000400
  • Unregister quartz.dll

For detailed steps and impact of applying these workarounds refer to Microsoft Security Advisory 971778

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/advisory/
971778.mspx

References

Microsoft
http://www.microsoft.com/technet/security/advisory/971778.mspx
http://blogs.technet.com/msrc/default.aspx
http://blogs.technet.com/srd/
http://support.microsoft.com/default.aspx/kb/971778

SecurityTracker
http://www.securitytracker.com/alerts/2009/May/1022299.html

SecurityFocus
www.securityfocus.com/bid/35139

CVE Name
CVE-2009-1537

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003