Microsoft MJPEG Decoder Vulnerability malicious file buffer overflow
Wednesday, July 2, 2008
Description
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft DirectX may allow for remote code-execution attacks. The vulnerability lies in the processing of specially crafted MJPEG streams in AVI or ASF files. A user would have to open a malicious file or visit a Web site streaming a malicious file for an attack to occur.
Type - Buffer Overflow
Impact of exploitation - Remote Code Execution
User Interaction - no user interaction is needed
Attack Vector - Maliciously Crafted File
Rating - Medium
CVE reference - CVE-2008-0011,
Vendor Status - Responded and patched
Vulnerable systems
Windows 2000 Sp4,
Windows XP SP3,
Windows 2003 Sp2,
Windows Vista SP0,
Windows Server 2008
Summary
A vulnerability in Microsoft DirectX may allow for remote code-execution attacks.
Recommendations -
Download and install the patch available from Microsoft (951698): http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft DirectX may allow for remote code-execution attacks. The vulnerability lies in the processing of specially crafted MJPEG streams in AVI or ASF files. A user would have to open a malicious file or visit a Web site streaming a malicious file for an attack to occur.
Type - Buffer Overflow
Impact of exploitation - Remote Code Execution
User Interaction - no user interaction is needed
Attack Vector - Maliciously Crafted File
Rating - Medium
CVE reference - CVE-2008-0011,
Vendor Status - Responded and patched
Vulnerable systems
Windows 2000 Sp4,
Windows XP SP3,
Windows 2003 Sp2,
Windows Vista SP0,
Windows Server 2008
Summary
A vulnerability in Microsoft DirectX may allow for remote code-execution attacks.
Recommendations -
Download and install the patch available from Microsoft (951698): http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
