Signature Detail

HTTP: Microsoft DirectX SAMI File Parsing Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft DirectX SAMI File Parsing Library. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed SAMI files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft DirectX 7.0
• Microsoft DirectX 7.0 a
• Microsoft DirectX 8.1
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Centrex IP Client Manager 10.0
• Nortel Networks Centrex IP Client Manager 11.0
• Nortel Networks Centrex IP Client Manager 9.0
• Nortel Networks Contact Center
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center NCC
• Nortel Networks Contact Center - TAPI Server
• Nortel Networks ENSM - Enterprise NMS 10.4
• Nortel Networks ENSM - Enterprise NMS 10.5
• Nortel Networks Media Processing Server
• Nortel Networks Multimedia Comm MCS5100
• Nortel Networks Self-Service - CCSS7
• Nortel Networks Self-Service CCXML
• Nortel Networks Self-Service MPS 100
• Nortel Networks Self-Service MPS 1000
• Nortel Networks Self-Service MPS 500
• Nortel Networks Self-Service Peri Application
• Nortel Networks Self-Service Peri Workstation
• Nortel Networks Self-Service Speech Server
• Nortel Networks Self Service VoiceXML
• Nortel Networks Self-Service WVADS
• Nortel Networks Symposium Agent

References

• BugTraq: 29578
• CVE: CVE-2008-1444
• URL: http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx