Summary
This host is missing a critical security update according to Microsoft Bulletin MS07-064.
Impact
Successful exploitation could allow arbitrary code execution and can potentially compromise a user's system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
Insight
The flaw is due to,
- A boundary error in quartz.dll when parsing 'SAMI' files which can be exploited to cause a stack-based buffer overflow when opening a specially crafted file.
- An error within the DirectShow technology when parsing 'AVI' and 'WAV' files.
Affected
DirectX 7.0, 8.1 and 9.0 on Microsoft Windows 2000 DirectX 9.0 on Microsoft Windows XP and 2003
DirectX 10.0 on Microsoft Windows vista
References
Severity
Classification
-
CVE CVE-2007-3895, CVE-2007-3901 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
- Cumulative Security Update for Internet Explorer (961260)
- Cumulative Security Update for Internet Explorer (931768)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- ADODB.Stream object from Internet Explorer (KB870669)