8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.966 High
EPSS
Percentile
99.6%
Added: 01/22/2008
CVE: CVE-2007-3901
BID: 26789
OSVDB: 39126
DirectX is a feature of the Windows operating system used for streaming media.
A buffer overflow vulnerability in DirectX allows command execution when a user opens a specially crafted SAMI file in Windows Media Player.
Apply the patch referenced in Microsoft Security Bulletin 07-064.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632>
Exploit works on Windows 2000 with DirectX 7.0 (4.07.00.0700) or DirectX 8.1 (4.08.01.0881). Successful exploitation requires a user to open the exploit file in Windows Media Player 6.4.
Windows 2000