Signature Detail

HTTP: Microsoft DirectX WAV and AVI File Parsing Code Execution (1)

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker can exploit this by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and execute within the security context of the current user. In an unsuccessful attack, the application utilizing the vulnerable DirectX library terminates.