[Am-info] NASTY! DirectX Remotely Exploitable Buffer Overflow
Fred A. Miller
fmiller@lightlink.com
Wed, 23 Jul 2003 23:58:54 -0400
Microsoft Windows DirectX Remotely Exploitable Buffer Overflow
READ ONLINE:
http://www.secunia.com/advisories/9335/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
=46rom remote
OPERATING SYSTEM:
Microsoft Windows 2000 Datacenter Server
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 95
Microsoft Windows XP Professional
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Server
Microsoft Windows XP Home Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Millenium
Microsoft Windows 98 Second Edition
Microsoft Windows 98
Microsoft Windows 2000 Professional
SOFTWARE:
Microsoft DirectX 9.x
Microsoft DirectX 8.x
Microsoft DirectX 7.x
Microsoft DirectX 6.x
Microsoft DirectX 5.x
DESCRIPTION:
A vulnerability has been identified in DirectX allowing malicious
people to gain system access.
The problem is two unchecked buffers in DirectX which allows
malicious people to create a MIDI (audio) file which cause a buffer
overflow. This could be exploited to run arbitrary code in the
context of the logged in user.
MIDI files may be embedded in HTML documents like web pages and
emails.
SOLUTION:
Microsoft DirectX version 9.0b is not vulnerable. It is available for
Windows 2000, Windows 98, Windows 98 Second Edition, Windows ME and
Windows XP:
http://microsoft.com/downloads/details.aspx?FamilyId=3D141D5F9E-07C1-462A-B=
AEF-5EAB5C851CF5&displaylang=3Den
Microsoft DirectX version 9.0b is not available for Windows NT,
alternative patches are available:
Windows NT 4.0:
http://microsoft.com/downloads/details.aspx?FamilyId=3D8FF8CA3E-D546-4FAF-8=
51F-FFBE2490B901&displaylang=3Den
Windows NT 4.0 Terminal Server Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=3D5C46460D-3887-4D5F-B=
142-F505BB208797&displaylang=3Den
If you do not wish to upgrade to Microsoft DirectX 9.0b, updates for
older versions are available:
Microsoft DirectX 7.0 on Windows 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=3D7D0E4787-A993-4C49-A=
5A7-9A6DE8EFDB9E&displaylang=3Den
Microsoft DirectX 8.1 on Windows XP 32-bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=3D5ABA6A3B-F67B-4B18-B=
4B5-62E69A0104CE&displaylang=3Den
Microsoft DirectX 8.1 on Windows XP 64-bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=3D8F23F7AF-5317-4502-8=
B17-7C1A2139EBDC&displaylang=3Den
Microsoft DirectX 8.1 on Windows Server 2003 32-bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=3DA5156FF8-1812-4DB4-9=
175-BF9CA370279D&displaylang=3Den
Microsoft DirectX 8.1 on Windows Server 2003 64-bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=3D59732FCF-993A-45E8-8=
BA4-064575055D86&displaylang=3Den
Microsoft DirectX 9.0a: All Windows versions:
http://microsoft.com/downloads/details.aspx?FamilyId=3D22F990CB-E9F9-4670-8=
B4F-AC4F6F66C3A2&displaylang=3Den
REPORTED BY / CREDITS:
eEye Digital Security
ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
=2D-=20
Planet Earth - a subsidiary of Microsoft=AE.
We have no bugs in our software, Never!,=20
We do have undocumented added features,
that you will find amusing, at no added cost,=20
to you, at this time.