Juniper Networks
Signature Detail

Short Name: HTTP:STC:IE:MSWEBDVD-NPA
Severity: High
Recommended: No
Category: HTTP
Keywords: MSWebDVD Null Pointer Assignment
Release Date: 2004/05/05
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: MSWebDVD Null Pointer Assignment


This signature detects attempts to exploit a known vulnerability in MSWebDVD, an object in the Microsoft DirectShow API (which enables media streaming on Microsoft Windows). Attackers can embed malicious JavaScript or VBScript in an HTML document to force the MSWebDVD library to dereference a null pointer, causing the calling application to crash.

Extended Description

It has been reported that Internet Explorer may be prone to a denial-of-service vulnerability that may allow remote attackers to cause the browser to crash. The issue exists in the 'MSWebDVD' object. An attacker may cause a denial-of-service condition in an instance of Internet Explorer by invoking the method through a malicious site and sending an excessive string value (about 255 characters) in the following manner:

object.AcceptParentalLevelChange (boolean value),UserName as string,Password as string

Internet Explorer running on Windows XP has been reported to be affected by this issue; however, it is possible that other versions are affected as well. Due to the nature of this issue, it has been conjectured that this vulnerability may be leveraged to execute arbitrary code. This has not been confirmed at the moment.

Affected Products

  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1

References

  • BugTraq: 10056
  • URL: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/directx/htm/mswebdvdactivexcontrol.asp

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.