DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it would be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged on user.
An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it via an HTML email. In the case where the file was hosted on a web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page, the vulnerability could be exploited when a user visited the Web page. In the HTML E-mail case, the vulnerability could be exploited when a user opened or previewed the HTML e-mail. A successful attack could have the effect of either causing DirectShow, or an application making use of DirectShow, to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
Download: Security Fix for DirectX 8 on 98/ME/W2K (KB819696)
View: Knowledge Base Article
An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it via an HTML email. In the case where the file was hosted on a web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page, the vulnerability could be exploited when a user visited the Web page. In the HTML E-mail case, the vulnerability could be exploited when a user opened or previewed the HTML e-mail. A successful attack could have the effect of either causing DirectShow, or an application making use of DirectShow, to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
Download: Security Fix for DirectX 8 on 98/ME/W2K (KB819696) View: Knowledge Base Article
Key Features:
You can open frequently used applications and documents from the keyboard, without having to memorize a multitude of hotkeys or keystrokes.
You can use hotkeys to launch an application or group of programs, documents, and folders.
You can slam the mouse up to the top of the screen, without regard to how high you slam it, and use middle mouse button to call up this app.
Last Review : December 21, 2004
Revision : 8.2
Old news is so exciting!
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.