Family: Windows : Microsoft Bulletins --> Category: infos
DirectX MIDI Overflow (819696) Vulnerability Scan
Vulnerability Scan Summary : Checks hotfix 819696
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host through DirectX.
Description :
The remote host is running a version of Windows with a version of
DirectX which is vulnerable to a buffer overflow in the module
which handles MIDI files.
To exploit this flaw, an attacker needs to craft a rogue MIDI file and
send it to a user of this computer. When the user attempts to read the
file, it will trigger the buffer overflow condition and the attacker
may gain a shell on this host.
Solution :
Microsoft has released a set of patches for DirectX :
http://www.microsoft.com/technet/security/bulletin/ms03-030.mspx
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)