New User, Welcome!     Login

Microsoft DirectX

iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007

I. BACKGROUND

Microsoft DirectShow, part of Microsoft DirectX, is used for the capture
and playback of multimedia streams on Microsoft Windows systems.
Synchronized Accessible Media Interchange (SAMI) is a file format
designed by Microsoft Corp. to deliver captions, subtitles, or audio
descriptions synchronized with digital media content.

ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability

ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-040

-- CVE ID:
CVE-2008-1444

-- Affected Vendors:
Microsoft

[security bulletin] HPSBST02299 SSRT071506 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-063 to MS07-069

 -------------------------------------------------
MS Patch - MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) 
Analysis -  SMA does not have this component. Patch will not run successfully.
Action -  Customers should not be concerned with this issue.
 ------------------------------------------------- 
MS Patch - MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) 
Analysis -  Possible security issue exists. Patch will run successfully.
Action -  For SMA v2.1, customers should download patch from Microsoft and install.
 ------------------------------------------------- 
MS Patch - MS07-065 Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
Analysis -  Possible security issue exists. Patch will run successfully.

[HISPASEC] Blizzard StarCraft Brood War 1.15.1 Remote DoS

from other players (not just the creator of the game). If StarCrafts
download a malformed map from a remote player, it will try to generate
a minimap and enter the DoS condition (this has been confirmed in
testing).

Since StarCraft is a full screen DirectX application a DoS may cause a
need to reboot the whole system on older Windows systems.

Proof of Concept map:
http://blog.hispasec.com/lab/files/SC_PoC_DoS.scm

[security bulletin] HPSBST02344 SSRT080087 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036

  -------------------------------------------------
MS Patch - MS08-032 Cumulative Security Update of ActiveX Kill Bits (950760)
Analysis -  Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install. 
  -------------------------------------------------
MS Patch - MS08-033 Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Analysis -  Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install. 
  -------------------------------------------------
MS Patch - MS08-034 Vulnerability in WINS Could Allow Elevation of Privilege (948745)
Analysis - SMA does not have this component. Patch will not run successfully.


Copyright © 1995-2013 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!