Signature Detail

HTTP: Malformed AVI/RIFF File

This signature detects attempts to exploit a known vulnerability in Microsoft DirectShow. It is caused by improper handling of compressed data in media files. An attacker can exploit this vulnerability by enticing a target user to open specially crafted media file. A successful exploit can result in arbitrary code execution.

Extended Description

Microsoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.

Affected Products

• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Asycfilt.dll
• Microsoft Quartz
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 7 for 32-bit Systems
• Microsoft Windows 7 for Itanium-based Systems
• Microsoft Windows 7 for x64-based Systems
• Microsoft Windows Media Encoder 9
• Microsoft Windows Media Encoder 9 X64
• Microsoft Windows Media Format Runtime 11
• Microsoft Windows Media Format Runtime 9
• Microsoft Windows Media Format Runtime 9.5
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Server 2008 Datacenter Edition SP2
• Microsoft Windows Server 2008 Datacenter Edition
• Microsoft Windows Server 2008 Enterprise Edition SP2
• Microsoft Windows Server 2008 Enterprise Edition
• Microsoft Windows Server 2008 for 32-bit Systems SP2
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for Itanium-based Systems R2
• Microsoft Windows Server 2008 for Itanium-based Systems SP2
• Microsoft Windows Server 2008 for Itanium-based Systems
• Microsoft Windows Server 2008 for x64-based Systems R2
• Microsoft Windows Server 2008 for x64-based Systems SP2
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Server 2008 Standard Edition SP2
• Microsoft Windows Server 2008 Standard Edition
• Microsoft Windows Vista Business
• Microsoft Windows Vista Business SP1
• Microsoft Windows Vista Business SP2
• Microsoft Windows Vista Enterprise
• Microsoft Windows Vista Enterprise SP1
• Microsoft Windows Vista Enterprise SP2
• Microsoft Windows Vista Home Basic
• Microsoft Windows Vista Home Basic SP1
• Microsoft Windows Vista Home Basic SP2
• Microsoft Windows Vista Home Premium
• Microsoft Windows Vista Home Premium SP1
• Microsoft Windows Vista Home Premium SP2
• Microsoft Windows Vista SP1
• Microsoft Windows Vista SP2
• Microsoft Windows Vista Ultimate
• Microsoft Windows Vista Ultimate SP1
• Microsoft Windows Vista Ultimate SP2
• Microsoft Windows Vista
• Microsoft Windows Vista Business 64-bit edition SP1
• Microsoft Windows Vista Business 64-bit edition SP2
• Microsoft Windows Vista Business 64-bit edition
• Microsoft Windows Vista Enterprise 64-bit edition SP1
• Microsoft Windows Vista Enterprise 64-bit edition SP2
• Microsoft Windows Vista Enterprise 64-bit edition
• Microsoft Windows Vista Home Basic 64-bit edition SP1
• Microsoft Windows Vista Home Basic 64-bit edition SP2
• Microsoft Windows Vista Home Basic 64-bit edition
• Microsoft Windows Vista Home Premium 64-bit edition SP1
• Microsoft Windows Vista Home Premium 64-bit edition SP2
• Microsoft Windows Vista Home Premium 64-bit edition
• Microsoft Windows Vista Ultimate 64-bit edition SP1
• Microsoft Windows Vista Ultimate 64-bit edition SP2
• Microsoft Windows Vista Ultimate 64-bit edition
• Microsoft Windows Vista x64 Edition SP1
• Microsoft Windows Vista x64 Edition SP2
• Microsoft Windows Vista x64 Edition
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition SP1
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home SP3
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition SP3
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition SP3
• Microsoft Windows XP Professional x64 Edition

References

• BugTraq: 40432
• CVE: CVE-2010-1879