Unchecked Buffer in Microsoft Windows DirectX Could Enable System Compromise
Original Issue Date: July 26, 2003
Severity Rating: High
- Microsoft DirectX® 5.2 on Windows 98
- Microsoft DirectX 6.1 on Windows 98 SE
- Microsoft DirectX 7.0a on Windows Millennium Edition
- Microsoft DirectX 7.0 on Windows 2000
- Microsoft DirectX 8.1 on Windows XP
- Microsoft DirectX 8.1 on Windows Server 2003
- Microsoft DirectX 9.0a when installed on Windows Millennium Edition
- Microsoft DirectX 9.0a when installed on Windows 2000
- Microsoft DirectX 9.0a when installed on Windows XP
- Microsoft DirectX 9.0a when installed on Windows Server 2003
- Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
- Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
A set of integer overflows exists in a DirectX library included in Microsoft Windows. An attacker could exploit this vulnerability to execute arbitrary code or to cause a denial of service.
Microsoft Windows operating systems include multimedia technologies called DirectX and DirectShow. According to Microsoft DirectX is made up of a set of low-level Application Programming Interfaces APIs that is used by Windows programs for multimedia support. The DirectShow technology in DirectX performs client-side audio and video sourcing, manipulation, and rendering. There are two buffer overruns that have the same effects in the function that is used by DirectShow to check parameters in a Musical Instrument Digital Interface MIDI file. These buffer overruns may cause a security vulnerability. It would be possible for a malicious user to try to exploit these flaws and run code in the security context of the logged on user.
An attacker could exploit this vulnerability by convincing a victim to access a specially crafted MIDI or HTML file via some malicious website or sending an e-mail message containing crafted MIDI or HTML file. The attacker then could execute arbitrary code with the privileges of the victim. The attacker could also cause a denial of service in any application that uses the vulnerable functions in quartz.dll.
Apply the appropriate patch as specified by Microsoft Security Bulletin MS03-030.
The Microsoft Windows 2000 version of the security patch is included in Windows 2000 Service Pack 4 SP4 .
Microsoft Security Bulletin MS03-030
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003