This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:AVI-LIST-OF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Microsoft Windows AVI File List Length Integer Overflow
|
Release Date |
2009/10/20
|
Update Number |
1527
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft Windows AVI File List Length Integer Overflow
This signature detects attempts to exploit a known vulnerability in the Microsoft Windows AVI API. A successful attack can lead to a buffer overflow and arbitrary remote code execution.
Extended Description
Microsoft Windows is prone to a remote integer-overflow vulnerability that arises when an affected Windows component handles a malicious Audio Video Interleave (AVI) file.
An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit attempts will result in a denial-of-service condition.
NOTE: Since the affected Windows operating system component is independent of Windows Media Player, this issue does not specifically affect Windows Media Player.
Affected Products
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_vista Business
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Business SP2
- Microsoft windows_vista Enterprise
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP3
- Nortel_networks callpilot 1002Rp
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 202I
- Nortel_networks callpilot 600R
- Nortel_networks callpilot 702T
- Nortel_networks contact_center_administration
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager_server
- Nortel_networks contact_center_ncc
- Nortel_networks contact_center-tapi_server
- Nortel_networks media_processing_svr_100
- Nortel_networks media_processing_svr_1000_rel 3.0
- Nortel_networks media_processing_svr_500_rel 3.0
- Nortel_networks self-service-ccss7
- Nortel_networks self-service_ccxml
- Nortel_networks self-service_mps_100
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_peri_application
- Nortel_networks self-service_peri_nt_server
- Nortel_networks self-service_peri_workstation
- Nortel_networks self-service_speech_server
- Nortel_networks self_service_voicexml
- Nortel_networks self-service_wvads
- Nortel_networks symposium_agent
References