SAINT Corporation, SAINT:13CB6E74EF2D451C84725E861C4CDBE4
Jan 22, 2008 - 12:00 a.m.

Microsoft DirectX SAMI parser buffer overflow


EPSS: 0.962 (High), Percentile: 99.5%

Added: 01/22/2008
CVE: CVE-2007-3901
BID: 26789
OSVDB: 39126

Background

DirectX is a feature of the Windows operating system used for streaming media.

Problem

A buffer overflow vulnerability in DirectX allows command execution when a user opens a specially crafted SAMI file in Windows Media Player.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-064.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632>

Limitations

Exploit works on Windows 2000 with DirectX 7.0 (4.07.00.0700) or DirectX 8.1 (4.08.01.0881). Successful exploitation requires a user to open the exploit file in Windows Media Player 6.4.

Platforms

Windows 2000