Signature Detail

HTTP: Microsoft DirectX SAMI File Parsing Code Execution

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. A successful attack can lead to arbitrary code execution.

Extended Description

DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit attempts may crash the application. NOTE: Windows Media Player 6.4 on Windows 2000 was previously stated not to be an attack vector. The vendor has corrected this information to state that it is a possible attack vector.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft DirectX 7.0
• Microsoft DirectX 8.1
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Centrex IP Client Manager 10.0
• Nortel Networks Centrex IP Client Manager 9.0

References

• BugTraq: 49149
• BugTraq: 26789
• CVE: CVE-2007-3901