Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2583
HistoryDec 13, 2007 - 12:00 a.m.

Microsoft DirectX SAMI及WAV/AVI文件解析远程代码执行漏洞(MS07-064)

2007-12-1300:00:00
Root
www.seebug.org
10

0.968 High

EPSS

Percentile

99.6%

JSON

BUGTRAQ ID: 26804,26789
CVE(CAN) ID: CVE-2007-3901,CVE-2007-3895

Microsoft DirectX是Windows操作系统中的一项功能,流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。

Microsoft DirectX处理畸形格式的媒体文件时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。

集成DirectX技术的Microsoft DirectShow没有对Synchronized Accessible Media Interchange(SAMI)文件类型参数和WAV、AVI文件类型参数执行充分的分析。如果用户在DirectX中打开用于流式媒体的特制文件,这些漏洞就可能允许执行代码。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。

Microsoft DirectX 9.0 c
Microsoft DirectX 8.1
Microsoft DirectX 7.0
Microsoft DirectX 10.0
临时解决方法:

  • 修改quartz.dll的访问控制列表

在Windows XP(所有版本)上,通过命令提示符运行以下命令:
Echo y| Cacls.exe %WINDIR%\SYSTEM32\QUARTZ.DLL /E /P everyone:N

在Windows Vista(所有版本)上,通过提命令提示符运行以下命令:
Takeown.exe /f %WINDIR%\SYSTEM32\QUARTZ.DLL
Icacls.exe %WINDIR%\SYSTEM32\QUARTZ.DLL /save %TEMP%\QUARTZ_ACL.TXT
Icacls.exe %WINDIR%\SYSTEM32\QUARTZ.DLL /deny everyone:(F)

  • 注销quartz.dll
    Regsvr32.exe –u %WINDIR%\SYSTEM32\QUARTZ.DLL

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS07-064)以及相应补丁:
MS07-064:Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
链接:<a href=“http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx?pf=true” target=“_blank”>http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx?pf=true</a>

Related

securityvulns 3
nessus 1
openvas 2
packetstorm 2
seebug 1
saint 4
prion 2
cert 2
checkpoint_advisories 4
cve 2
exploitpack 1
exploitdb 1
securityvulns
securityvulns
Microsoft Security Bulletin MS07-064 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution &#40;941568&#41;
2007-12-12 00:00:00
Microsoft Windows DirectX multiple security vulnerabilities
2007-12-13 00:00:00
iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability
2007-12-13 00:00:00
nessus
nessus
MS07-064: Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
2007-12-11 00:00:00
openvas
openvas
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
2011-01-14 00:00:00
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
2011-01-14 00:00:00
packetstorm
packetstorm
sami-overflow.txt
2008-01-09 00:00:00
Microsoft DirectX DirectShow SAMI Buffer Overflow
2009-11-26 00:00:00
seebug
seebug
Microsoft DirectX SAMI File Parsing Remote Stack Overflow Exploit
2008-01-09 00:00:00
saint
saint
Microsoft DirectX SAMI parser buffer overflow
2008-01-22 00:00:00
Microsoft DirectX SAMI parser buffer overflow
2008-01-22 00:00:00
Microsoft DirectX SAMI parser buffer overflow
2008-01-22 00:00:00
prion
prion
Buffer overflow
2007-12-12 00:46:00
Stack overflow
2007-12-12 00:46:00
cert
cert
Microsoft DirectX remote code execution
2007-12-14 00:00:00
Microsoft DirectX SAMI parsing buffer overflow
2007-12-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft DirectX SAMI File Parsing Code Execution (MS07-064; CVE-2007-3901)
2007-12-17 00:00:00
Microsoft DirectX WAV and AVI File Parsing Code Execution (MS07-064; CVE-2007-3895)
2009-10-01 00:00:00
Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)
2007-12-18 00:00:00
cve
cve
CVE-2007-3895
2007-12-12 00:46:00
CVE-2007-3901
2007-12-12 00:46:00
exploitpack
exploitpack
Microsoft DirectX SAMI File Parsing - Remote Stack Overflow
2008-01-08 00:00:00
exploitdb
exploitdb
Microsoft DirectX SAMI File Parsing - Remote Stack Overflow
2008-01-08 00:00:00

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SSV:2583
securityvulns3nessus1openvas2packetstorm2seebug1saint4prion2cert2checkpoint_advisories4cve2exploitpack1exploitdb1