CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.969 High
EPSS Percentile: 99.7%
Added: 07/07/2009
CVE: CVE-2008-0015
BID: 35558
OSVDB: 55651
DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.
A stack buffer overflow vulnerability in DirectShow allows command execution when a user loads a page that invokes the BDATuner.IMPEG2TuneRequest ActiveX control to parse a malicious GIF image.
Apply one of the workarounds described in Microsoft Security Advisory 972890.
<http://isc.sans.org/diary.html?storyid=6733&rss>
Exploit requires a user to open the exploit page in Internet Explorer 6 or 7.
Windows XP