Short Name |
HTTP:STC:DIRECTX-AVI-WAV-PARSE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft DirectX WAV and AVI File Parsing Code Execution |
Release Date |
2010/10/20 |
Update Number |
1795 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker can exploit this by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and execute within the security context of the current user. In an unsuccessful attack, the application utilizing the vulnerable DirectX library terminates.
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.