Signature Detail

HTTP: Microsoft DirectX SAMI File Parsing Code Execution

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. A successful attack can lead to arbitrary code execution.

Extended Description

DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit attempts may crash the application. NOTE: Windows Media Player 6.4 on Windows 2000 was previously stated not to be an attack vector. The vendor has corrected this information to state that it is a possible attack vector.

Affected Products

• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Hp storage_management_appliance 2.1
• Hp storage_management_appliance I
• Hp storage_management_appliance II
• Hp storage_management_appliance III
• Microsoft directx 7.0
• Microsoft directx 8.1
• Nortel_networks callpilot 1002Rp
• Nortel_networks callpilot 200I
• Nortel_networks callpilot 201I
• Nortel_networks callpilot 702T
• Nortel_networks callpilot 703T
• Nortel_networks centrex_ip_client_manager 10.0
• Nortel_networks centrex_ip_client_manager 9.0

References

• BugTraq: 26789
• BugTraq: 49149
• CVE: CVE-2007-3901
• URL: http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf