Vulnerability Note VU#265232
Microsoft Windows DirectX MIDI library does not adequately validate MThd track values in MIDI files
A Microsoft Windows DirectX library, quartz.dll, does not properly validate the number of tracks value in Musical Instrument Digital Interface (MIDI) files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of service.
Microsoft Windows operating systems includes multimedia technologies called DirectX and DirectShow. From MS03-030,
DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering.
Any application that uses DirectX/DirectShow to process MIDI files could be affected by this vulnerability. Of particular concern, Internet Explorer (IE) loads the vulnerable library to process MIDI files embedded in HTML documents. An attacker could therefore exploit this vulnerability by convincing a victim to view an HTML document (web page, HTML email message) containing an embedded MIDI file. Note that a number of applications (Outlook, Outlook Express, Eudora, AOL, Lotus Notes, Adobe PhotoDeluxe, others) use the IE HTML rendering engine (WebBrowser ActiveX control) to interpret HTML documents.
A similar vulnerability in quartz.dll is documented in VU#561284.
By convincing a victim to access a specially crafted MIDI or HTML file, an attacker could execute arbitrary code with the privileges of the victim. The attacker could also cause a denial of service in any application that uses the vulnerable library.
Apply a patch or upgrade
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||25 Jul 2003|
CVSS Metrics (Learn More)
This document was written by Art Manion.
- CVE IDs: CAN-2003-0346
- CERT Advisory: CA-2003-18
- Date Public: 23 Jul 2003
- Date First Published: 25 Jul 2003
- Date Last Updated: 30 Jul 2003
- Severity Metric: 29.83
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.