CERT-In Advisory
CIAD-2003-0008
Unchecked Buffer in Microsoft Windows DirectX Could Enable System Compromise
Original Issue Date: July 26, 2003
Severity Rating: High
Systems Affected
- Microsoft DirectX® 5.2 on Windows 98
- Microsoft DirectX 6.1 on Windows 98 SE
- Microsoft DirectX 7.0a on Windows Millennium Edition
- Microsoft DirectX 7.0 on Windows 2000
- Microsoft DirectX 8.1 on Windows XP
- Microsoft DirectX 8.1 on Windows Server 2003
- Microsoft DirectX 9.0a when installed on Windows Millennium Edition
- Microsoft DirectX 9.0a when installed on Windows 2000
- Microsoft DirectX 9.0a when installed on Windows XP
- Microsoft DirectX 9.0a when installed on Windows Server 2003
- Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
- Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
Overview
A set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.
Description
Microsoft Windows operating systems include multimedia technologies called DirectX and DirectShow. According to Microsoft, DirectX is made up of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. The DirectShow technology in DirectX performs client-side audio and video sourcing, manipulation, and rendering. There are two buffer overruns, with the same effects, in the function that DirectShow uses to check parameters in a Musical Instrument Digital Interface (MIDI) file. These buffer overruns may cause a security vulnerability. A malicious user could try to exploit these flaws to run code in the security context of the logged-on user.
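The class of flaw described above, an integer overflow in a length check on a value read from a MIDI file, is illustrated in the following added example; it is not code from quartz.dll or from Microsoft. The function names and the sample bytes are hypothetical; only the Standard MIDI File chunk layout (a 4-byte tag followed by a 4-byte big-endian length) comes from the file format.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample (not taken from any real file): a valid 14-byte MThd
 * chunk followed by an MTrk header that declares 0xFFFFFFF0 bytes of data. */
static const uint8_t SAMPLE[22] = {
    'M','T','h','d', 0x00,0x00,0x00,0x06, 0x00,0x00, 0x00,0x01, 0x00,0x60,
    'M','T','r','k', 0xFF,0xFF,0xFF,0xF0
};

/* Chunk lengths are 32-bit big-endian values supplied by the file. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed (hypothetical): off + 8 + len is computed in 32 bits and wraps for
 * a large len, so an oversized chunk appears to fit inside the buffer. */
int chunk_fits_flawed(const uint8_t *buf, uint32_t size, uint32_t off) {
    uint32_t len = be32(buf + off + 4);
    return off + 8u + len <= size;
}

/* Hardened (hypothetical): validate the header position first, then compare
 * the untrusted length with the bytes that remain. No arithmetic is done on
 * len, so nothing can wrap. */
int chunk_fits_checked(const uint8_t *buf, uint32_t size, uint32_t off) {
    if (size < 8u || off > size - 8u)
        return 0;
    return be32(buf + off + 4) <= size - 8u - off;
}

int main(void) {
    const uint32_t size = (uint32_t)sizeof SAMPLE;
    printf("MThd at 0:  flawed=%d checked=%d\n",
           chunk_fits_flawed(SAMPLE, size, 0),
           chunk_fits_checked(SAMPLE, size, 0));
    printf("MTrk at 14: flawed=%d checked=%d\n",
           chunk_fits_flawed(SAMPLE, size, 14),
           chunk_fits_checked(SAMPLE, size, 14));
    return 0;
}
```

A parser that trusts the flawed check would go on to copy or index using the declared length, which is how a wrapped size calculation turns into a buffer overrun.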
Impact
An attacker could exploit this vulnerability by convincing a victim to access a specially crafted MIDI or HTML file via a malicious website, or by sending an e-mail message containing a crafted MIDI or HTML file. The attacker could then execute arbitrary code with the privileges of the victim. The attacker could also cause a denial of service in any application that uses the vulnerable functions in quartz.dll.
Solution
Apply the appropriate patch as specified by Microsoft Security Bulletin MS03-030. The Microsoft Windows 2000 version of the security patch is included in Windows 2000 Service Pack 4 (SP4).
Vendor Information
Microsoft: Microsoft Security Bulletin MS03-030
References
Microsoft Security Bulletin MS03-030
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
Microsoft Knowledge Base article 819696
http://support.microsoft.com/default.aspx?scid=kb;en-us;819696
CERT/CC Advisory CA-2003-18
http://www.cert.org/advisories/CA-2003-18.html
CERT/CC Vulnerability VU#561284
http://www.kb.cert.org/vuls/id/561284
CERT/CC Vulnerability VU#265232
http://www.kb.cert.org/vuls/id/265232
CVE Vulnerability CAN-2003-0346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-00346
eEye Digital Security advisory AD20030723
http://www.eeye.com/html/Research/Advisories/AD20030723.html
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India