Vulnerability Note VU#995220
Microsoft DirectShow buffer overflow
Overview
A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in the DirectShow architecture may allow a buffer overflow to occur in applications or components that use DirectShow. If a remote, unauthenticated attacker supplies an application or component that uses DirectShow with a specially crafted media file, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code. For more information, including a list of affected software, please see MS05-050.
Impact
By convincing a user to open a specially crafted media file with an application that uses DirectShow, an attacker may be able to execute arbitrary code with the privileges of the user.
Solution
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-050.
Do not accept media files from untrusted sources
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 11 Oct 2005 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
- http://eeye.com/html/research/advisories/AD20051011a.html
Credit
This vulnerability was reported in Microsoft Security Bulletin MS05-050. Microsoft credits eEye Digital Security for reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CAN-2005-2128
- Date Public: 11 Oct 2005
- Date First Published: 11 Oct 2005
- Date Last Updated: 14 Oct 2005
- Severity Metric: 14.70
- Document Revision: 27
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.