Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.800104
Kategorie:Windows : Microsoft Bulletins
Titel:Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Zusammenfassung:This host has DirectX installed, which is prone to remote code; execution vulnerabilities.
Beschreibung:Summary:
This host has DirectX installed, which is prone to remote code
execution vulnerabilities.

Vulnerability Insight:
The flaws are due to

- error in the Windows MJPEG Codec when performing error checking on MJPEG
video streams embedded in ASF or AVI media files which can be exploited
with a specially crafted MJPEG file.

- error in the parsing of Class Name variables in Synchronized Accessible
Media Interchange (SAMI) files which can be exploited with a specially
crafted SAMI file.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code when
a user opens a specially crafted media file. An attacker could take complete
control of an affected system.

Affected Software/OS:
DirectX 7.0, 8.1, 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows 2000

DirectX 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows XP and 2003

DirectX 10.0 on Microsoft Windows Vista and 2008 Server

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 29581
BugTraq ID: 29578
Common Vulnerability Exposure (CVE) ID: CVE-2008-0011
http://www.securityfocus.com/bid/29581
Cert/CC Advisory: TA08-162B
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
HPdes Security Advisory: HPSBST02344
http://marc.info/?l=bugtraq&m=121380194923597&w=2
HPdes Security Advisory: SSRT080087
Microsoft Security Bulletin: MS08-033
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236
http://securitytracker.com/id?1020222
http://secunia.com/advisories/30579
http://www.vupen.com/english/advisories/2008/1780
Common Vulnerability Exposure (CVE) ID: CVE-2008-1444
http://www.securityfocus.com/bid/29578
Bugtraq: 20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/493250/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-040/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562
http://securitytracker.com/id?1020223
http://securityreason.com/securityalert/3937
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.