Summary
This host has DirectX installed, which is prone to remote code execution vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code when a user opens a specially crafted media file. An attacker could take complete control of an affected system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
Insight
The flaws are due to
- error in the Windows MJPEG Codec when performing error checking on MJPEG video streams embedded in ASF or AVI media files which can be exploited with a specially crafted MJPEG file.
- error in the parsing of Class Name variables in Synchronized Accessible Media Interchange (SAMI) files which can be exploited with a specially crafted SAMI file.
Affected
DirectX 7.0, 8.1, 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows 2000 DirectX 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows XP and 2003 DirectX 10.0 on Microsoft Windows Vista and 2008 Server
References
Severity
Classification
-
CVE CVE-2008-0011, CVE-2008-1444 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (931768)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)