Summary
This host is missing a critical security update according to Microsoft Bulletin MS07-064.
Impact
Successful exploitation could allow arbitrary code execution and can potentially compromise a user's system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
Insight
The flaw is due to,
- A boundary error in quartz.dll when parsing 'SAMI' files which can be exploited to cause a stack-based buffer overflow when opening a specially crafted file.
- An error within the DirectShow technology when parsing 'AVI' and 'WAV' files.
Affected
DirectX 7.0, 8.1 and 9.0 on Microsoft Windows 2000 DirectX 9.0 on Microsoft Windows XP and 2003
DirectX 10.0 on Microsoft Windows vista
References
Severity
Classification
-
CVE CVE-2007-3895, CVE-2007-3901 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Active Directory Could Allow Remote Code Execution Vulnerability (957280)
- Cumulative Patch for Internet Information Services (Q327696)
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)