Signature Detail

HTTP: Microsoft Windows DirectShow AVI File Code Execution

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Player. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Windows is prone to a remote buffer-overflow vulnerability when handling specially crafted Audio Video Interleave (AVI) files. Specifically, this issue arises in the Microsoft MPEG Layer-3 codecs. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.

Affected Products

• Avaya meeting_exchange-client_registration_server
• Avaya meeting_exchange-recording_server
• Avaya meeting_exchange-streaming_server
• Avaya meeting_exchange-web_conferencing_server
• Avaya meeting_exchange-webportal
• Avaya messaging_application_server 4
• Avaya messaging_application_server 5
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft mpeg_layer-3_codecs
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_professional SP4
• Microsoft windows_2000_server SP4
• Microsoft windows_server_2003_x64 SP2
• Microsoft windows_server_2008_for_32-bit_systems SP2
• Microsoft windows_server_2008_for_32-bit_systems
• Microsoft windows_server_2008_for_x64-based_systems SP2
• Microsoft windows_server_2008_for_x64-based_systems
• Microsoft windows_vista Business SP1
• Microsoft windows_vista Business SP2
• Microsoft windows_vista Enterprise SP1
• Microsoft windows_vista Enterprise SP2
• Microsoft windows_vista Home Basic SP1
• Microsoft windows_vista Home Basic SP2
• Microsoft windows_vista Home Premium SP1
• Microsoft windows_vista Home Premium SP2
• Microsoft windows_vista Ultimate SP1
• Microsoft windows_vista Ultimate SP2
• Microsoft windows_vista_business_64-bit_edition SP1
• Microsoft windows_vista_business_64-bit_edition SP2
• Microsoft windows_vista_business_64-bit_edition
• Microsoft windows_vista_enterprise_64-bit_edition SP1
• Microsoft windows_vista_enterprise_64-bit_edition SP2
• Microsoft windows_vista_enterprise_64-bit_edition
• Microsoft windows_vista_home_basic_64-bit_edition SP1
• Microsoft windows_vista_home_basic_64-bit_edition SP2
• Microsoft windows_vista_home_basic_64-bit_edition
• Microsoft windows_vista_home_premium_64-bit_edition SP1
• Microsoft windows_vista_home_premium_64-bit_edition SP2
• Microsoft windows_vista_home_premium_64-bit_edition
• Microsoft windows_vista_ultimate_64-bit_edition SP1
• Microsoft windows_vista_ultimate_64-bit_edition SP2
• Microsoft windows_vista_ultimate_64-bit_edition
• Microsoft windows_xp_home SP2
• Microsoft windows_xp_home SP3
• Microsoft windows_xp_media_center_edition SP2
• Microsoft windows_xp_media_center_edition SP3
• Microsoft windows_xp_professional SP2
• Microsoft windows_xp_professional SP3
• Microsoft windows_xp_professional_x64_edition SP2
• Microsoft windows_xp_tablet_pc_edition SP2
• Microsoft windows_xp_tablet_pc_edition SP3
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 1005R
• Nortel_networks callpilot 201I
• Nortel_networks callpilot 202I
• Nortel_networks callpilot 600R
• Nortel_networks callpilot 702T
• Nortel_networks callpilot 703T
• Nortel_networks contact_center_administration
• Nortel_networks contact_center_express
• Nortel_networks contact_center_manager_server
• Nortel_networks contact_center_ncc
• Nortel_networks contact_center-tapi_server
• Nortel_networks symposium

References

• BugTraq: 39303
• CVE: CVE-2010-0480