MS03-030 Uncheck Buffer In DirectX

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted

Microsoft Security Bulletin MS03-030 Print

Unchecked Buffer in DirectX Could Enable System Compromise (819696)

Originally posted: July 23, 2003

Summary

Who should read this bulletin: Customers using Microsoft? Windows?

Impact of vulnerability: Allow an attacker to execute code on a user?s system

Maximum Severity Rating: Critical

Recommendation: Customers should apply the security patch immediately

Affected Software:

Microsoft DirectX? 5.2 on Windows 98

Microsoft DirectX 6.1 on Windows 98 SE

Microsoft DirectX 7.0a on Windows Millennium Edition

Microsoft DirectX 7.0 on Windows 2000

Microsoft DirectX 8.1 on Windows XP

Microsoft DirectX 8.1 on Windows Server 2003

Microsoft DirectX 9.0a when installed on Windows Millennium Edition

Microsoft DirectX 9.0a when installed on Windows 2000

Microsoft DirectX 9.0a when installed on Windows XP

Microsoft DirectX 9.0a when installed on Windows Server 2003

Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.

Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.

Technical description:

DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering.

There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it could be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged-on user.

An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail. In the case where the file was hosted on a Web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attacker?s code to run on the user?s computer in the security context of the user.

http://microsoft.com/technet/treeview/defa...in/MS03-030.asp

Link to comment
https://www.neowin.net/forum/topic/93793-ms03-030-uncheck-buffer-in-directx/
Share on other sites
Experienced

C:Amie

Posted
Posted

Affected Systems:

DirectX 7.0

DirectX 8.x

DirectX 9.0

Windows Millennium

Windows NT 4.0 ( :blink: )

Windows 2000

windows XP

Windows 2003

An identified security issue in Microsoft DirectX could allow an attacker to run programs on a computer running Microsoft Windows. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installing this update from Microsoft

Download size: 948 KB

KB: Q819696

Alt: Windows Update

Yes, you read right, a DirectX update for NT 4

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.