Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D528B63CD4435CAA28BEA041882E67B9
HistoryJul 07, 2009 - 12:00 a.m.

Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow

2009-07-0700:00:00
SAINT Corporation
my.saintcorporation.com
44

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON

Added: 07/07/2009
CVE: CVE-2008-0015
BID: 35558
OSVDB: 55651

Background

DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.

Problem

A stack buffer overflow vulnerability in DirectShow allows command execution when a user loads a page that invokes the BDATuner.IMPEG2TuneRequest ActiveX control to parse a malicious GIF image.

Resolution

Apply one of the workarounds described in Microsoft Security advisory 972890.

References

[http://isc.sans.org/diary.html?storyid=6733&amp;rss ](<http://isc.sans.org/diary.html?storyid=6733&rss
>)

Limitations

Exploit requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows XP

Related

saint 3
checkpoint_advisories 1
securityvulns 4
canvas 1
packetstorm 1
prion 2
nessus 3
cve 2
cert 1
openvas 4
f5 1
mskb 1
saint
saint
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
2009-07-07 00:00:00
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
2009-07-07 00:00:00
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
2009-07-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft DirectShow Video ActiveX Control Stack Buffer Overflow (CVE-2008-0015)
2009-07-07 00:00:00
securityvulns
securityvulns
Microsoft Video ActiveX code execution
2009-07-15 00:00:00
Microsoft Security Bulletin MS09-032 - Critical Cumulative Security Update of ActiveX Kill Bits &#40;973346&#41;
2009-07-14 00:00:00
US-CERT Technical Cyber Security Alert TA09-209A -- Microsoft Windows, Internet Explorer, and Active Template Library &#40;ATL&#41; Vulnerabilities
2009-07-29 00:00:00
canvas
canvas
Immunity Canvas: MS09_032
2009-07-07 23:30:00
packetstorm
packetstorm
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
2009-11-26 00:00:00
prion
prion
Stack overflow
2009-07-07 23:30:00
Memory corruption
2009-07-07 23:30:00
nessus
nessus
MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)
2009-07-07 00:00:00
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
2009-08-11 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
cve
cve
CVE-2008-0015
2009-07-07 23:30:00
CVE-2008-0020
2009-07-07 23:30:00
cert
cert
Microsoft Video ActiveX control stack buffer overflow
2009-07-06 00:00:00
openvas
openvas
Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
2009-07-09 00:00:00
Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
2009-07-09 00:00:00
Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
2009-08-14 00:00:00
f5
f5
SOL10441 - Microsoft Active Template Library (ATL) vulnerabilities VU#456745
2009-08-17 00:00:00
mskb
mskb
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) could allow remote code execution
2019-11-06 02:17:02

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:D528B63CD4435CAA28BEA041882E67B9
saint3checkpoint_advisories1securityvulns4canvas1packetstorm1prion2nessus3cve2cert1openvas4f51mskb1