Secunia Security Advisory - A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.
----------------------------------------------------------------------
TITLE:
Microsoft DirectShow AVI File Parsing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA38511
VERIFY ADVISORY:
http://secunia.com/advisories/38511/
DESCRIPTION:
A vulnerability has been reported in Microsoft DirectX, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error when parsing AVI files
and can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply patches.
-- Windows 2000 SP4 --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=ba110440-10ce-40a0-884a-8b9afd45a3e3
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=16787c93-2c95-4c13-8492-be1db9d18146
Quartz in DirectX 9.0:
http://www.microsoft.com/downloads/details.aspx?familyid=59a8bc19-02bb-4800-bac1-464f59e1cb7b
-- Windows XP SP2/SP3 --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=a9beb2bd-e5f6-43f9-bbcc-a2afee5e5ceb
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=7ab53be3-3f42-4e61-a2bc-3ed41d8736ff
-- Windows XP Professional x64 Edition SP2 --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=dedc3010-a989-45f7-b9d4-f7079db3e572
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=7543e819-cd36-4e89-9850-60f00c50999d
-- Windows Server 2003 SP2 --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=cc5150d7-070e-4a87-9c02-d050a8cb2204
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=983c5484-6321-4765-97ec-8d42d42d1f70
-- Windows Server 2003 x64 Edition SP2 --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=db13e99b-2f2a-4474-8d6e-271b025bd07f
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=7dc20252-6091-407b-befc-c25e8f5d3fb0
-- Windows Server 2003 with SP2 for Itanium-based Systems --
AVI Filter:
http://www.microsoft.com/downloads/details.aspx?familyid=aec66173-e2c6-4c39-8d60-8fbef6d7b764
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=b1a7533a-913f-4054-b579-489a257bae5f
-- Windows Vista (optionally with SP1/SP2) --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=7130ce0f-df38-4c96-ac54-cdbff35f03e7
-- Windows Vista x64 Edition (optionally with SP1/SP2) --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=de7b7c8f-bd0a-4e13-bd58-d95507a6274b
-- Windows Server 2008 for 32-bit Systems (optionally with SP2) --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=5ac0a948-0bdc-4c10-9b88-16a5d7092e47
-- Windows Server 2008 for x64-based Systems (optionally with SP2) --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=362fea40-649b-4471-aad7-db29edd0ac10
-- Windows Server 2008 for Itanium-based Systems (optionally with SP2) --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=effa638b-cfc1-4777-8219-7b433ed5e717
-- Windows 7 for 32-bit Systems --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=4ec49aa2-81df-4e65-80da-6201394c4089
-- Windows 7 for x64-based Systems --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=a8a2519c-3b89-4987-9473-920adafc78cb
-- Windows Server 2008 R2 for x64-based Systems --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=a9811baa-1500-4c73-940b-57f8c5456891
-- Windows Server 2008 R2 for Itanium-based Systems --
Quartz:
http://www.microsoft.com/downloads/details.aspx?familyid=2ed23bf5-6217-413c-a7ba-eccc82139d68
PROVIDED AND/OR DISCOVERED BY:
The vendor credits ZDI.
ORIGINAL ADVISORY:
MS10-013 (KB977935, KB977914, KB975560):
http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx
----------------------------------------------------------------------