3 matches found
Microsoft DirectX DirectShow AVI文件解析堆溢出漏洞(MS10-013)
BUGTRAQ ID: 38112 CVE ID: CVE-2010-0250 Microsoft DirectX是Windows操作系统中的一项功能,流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。 DirectX的DirectShow组件(quartz.dll)在解析AVI文件中的特定类型视频流时没有正确的使用分配所用的长度字段,导致分配了不充分的缓冲区。用户打开特制的AVI文件就可以触发堆溢出,导致执行任意代码。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2...
CVE-2010-0250
CVE-2010-0250 is a DirectShow/Quartz heap overflow vulnerability in Microsoft DirectX where the AVI/QUartz AVI parser misallocates a buffer when processing a crafted AVI file’s length field, enabling remote code execution. Affected components include DirectShow (AVI Filter) and Quartz, with impac...
ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability
ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-015 February 9, 2010 -- CVE ID: CVE-2010-0250 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP Microsoft Windows Vista --...