Signature Detail

HTTP: Microsoft DirectX Media DXTMSFT.DLL Unsafe ActiveX Control DoS

This signature detects attempts to use unsafe ActiveX controls against Microsoft DirectX Media DXTMSFT.DLL. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft DirectX Media ActiveX control is prone to multiple denial-of-service vulnerabilities because it fails to perform adequate checks on user-supplied data. Successfully exploiting these issues allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of these issues, attackers may also be able to execute code, but this has not been confirmed.

Affected Products

• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP 64-bit Edition Version 2003 SP1
• Microsoft Windows XP 64-bit Edition Version 2003
• Microsoft Windows XP Embedded SP1
• Microsoft Windows XP Embedded
• Microsoft Windows XP Gold
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition

References

• BugTraq: 24188