DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it would be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged on user.
An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it via an HTML email. In the case where the file was hosted on a web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page, the vulnerability could be exploited when a user visited the Web page. In the HTML E-mail case, the vulnerability could be exploited when a user opened or previewed the HTML e-mail. A successful attack could have the effect of either causing DirectShow, or an application making use of DirectShow, to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
View: Knowledge Base Article