Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Vulnerability in DirectShow Allows Remote Code Execution (MS05-050)

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Vulnerability in DirectShow Allows Remote Code Execution (MS05-050)
Date: 12 Oct 2005 10:23:44 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Vulnerability in DirectShow Allows Remote Code Execution (MS05-050)
------------------------------------------------------------------------


SUMMARY

A remote code execution vulnerability exists in DirectShow that could 
allow an attacker who successfully exploited this vulnerability to take 
complete control of the affected system.

DETAILS

Affected Software:
 * Microsoft DirectX 7.0 on Microsoft Windows 2000 with Service Pack 4 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=2feffe6c-6c1c-42d9-b15e-f8f8d9c0e60e>
 Download the update
 * Microsoft DirectX 8.1 on Microsoft Windows XP Service Pack 1 and on 
Microsoft Windows XP with Service Pack 2 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=2636cfce-49ea-4d06-80ba-21a84f3658a5>
 Download the update
 * Microsoft DirectX 8.1 on Microsoft Windows XP Professional x64 Edition 
-  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=ef614cdc-1db5-4b5c-8440-714941799a9f>
 Download the update
 * Microsoft DirectX 8.1 on Microsoft Windows Server 2003 and on Microsoft 
Windows Server 2003 with Service Pack 1 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=66f44766-3741-4c83-aa5f-1b3498131dd9>
 Download the update
 * Microsoft DirectX 8.1 on Microsoft Windows Server 2003 for 
Itanium-based Systems and on Microsoft Windows Server 2003 with SP1 for 
Itanium-based Systems -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=7f8342a0-2462-46d3-9e40-262f72db68a6>
 Download the update
 * Microsoft DirectX 8.1 on Microsoft Windows Server 2003 x64 Edition -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=76c3815c-a966-49eb-825f-1b8454c09bbf>
 Download the update
 * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and 
Microsoft Windows Millennium Edition (ME)   Review the FAQ section of this 
bulletin for details about these operating systems.

Tested Microsoft Windows Components:
Affected Components:
 * Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on 
Windows 2000 Service Pack 4 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=FEDC7212-27B8-4993-9965-53E9298DB386>
 Download the update
 * Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 
2000 Service Pack 4 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=1853AD1F-92C8-4C2B-8F52-9B2FC8DBF769>
 Download the update
 * Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 
XP Service Pack 1 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=36FBED29-E264-4BC7-AB48-2CC4A59ACAA1>
 Download the update
 * Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 
Server 2003 -  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=6083BA2D-4F1A-4900-8F7D-A32CB41CB5FA>
 Download the update

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2128> 
CAN-2005-2128

Mitigating Factors for DirectShow Vulnerability:
 * An attacker who successfully exploited this vulnerability could gain 
the same user rights as the local user. Users whose accounts are 
configured to have fewer user rights on the system could be less impacted 
than users who operate with administrative user rights.

What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who 
successfully exploited this vulnerability could remotely take complete 
control of an affected system. An attacker could then install programs; 
view, change, or delete data; or create new accounts with full user 
rights.

What causes the vulnerability?
An unchecked buffer in DirectShow.

What is DirectShow?
Microsoft DirectShow is used for streaming media on Microsoft Windows 
operating systems. DirectShow is used for high-quality capture and 
playback of multimedia streams. It automatically detects and uses video 
and audio acceleration hardware when available, but also supports systems 
without acceleration hardware. It is also integrated with other DirectX 
technologies

Some of the types of applications that you can create by using DirectShow 
include DVD players, video editing applications, AVI to ASF converters, 
MP3 players, and digital video capture applications.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take 
complete control of the affected system.

Who could exploit the vulnerability?
On a Windows operating system, any anonymous user who could deliver a 
specially crafted .avi file to the affected system could try to exploit 
this vulnerability.

In a Web-based attack scenario, an attacker would have to host a Web site 
that contains a Web page that is used to try to exploit this 
vulnerability. An attacker would have no way to force users to visit a 
malicious Web site. Instead, an attacker would have to persuade them to 
visit the Web site, typically by getting them to click a link that takes 
them to the attacker's site. It could also be possible to display 
malicious Web content by using banner advertisements or by using other 
methods to deliver Web content to affected systems.

What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be 
at more risk if users who do not have sufficient administrative 
permissions are given the ability to log on to servers and to run 
programs. However, best practices strongly discourage allowing this.

What does the update do?
The update removes the vulnerability by modifying the way that DirectShow 
validates the length of a message before it passes the message to the 
allocated buffer.

When this security bulletin was issued, had this vulnerability been 
publicly disclosed?
No. Microsoft received information about this vulnerability through 
responsible disclosure. Microsoft had not received any information to 
indicate that this vulnerability had been publicly disclosed when this 
security bulletin was originally issued.

When this security bulletin was issued, had Microsoft received any reports 
that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this 
vulnerability had been publicly used to attack customers and had not seen 
any examples of proof of concept code published when this security 
bulletin was originally issued.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx> 
http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Vulnerability in DirectShow Allows Remote Code Execution (MS05-050), SecuriTeam <=
Previous by Date:  [NT] Vulnerability in Network Connection Manager Allows DoS (MS05-045), SecuriTeam
Next by Date:  [NT] Vulnerabilities in Windows Shell Allows Remote Code Execution (MS05-049), SecuriTeam
Previous by Thread:  [NT] Vulnerability in Network Connection Manager Allows DoS (MS05-045), SecuriTeam
Next by Thread:  [NT] Vulnerabilities in Windows Shell Allows Remote Code Execution (MS05-049), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]