This host has DirectX installed, which is prone to remote code execution vulnerabilities.

Successful exploitation allows remote attackers to execute arbitrary code when a user opens a specially crafted media file. An attacker could take complete control of an affected system. Impact Level: System

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx

The flaws are due to - error in the Windows MJPEG Codec when performing error checking on MJPEG video streams embedded in ASF or AVI media files which can be exploited with a specially crafted MJPEG file. - error in the parsing of Class Name variables in Synchronized Accessible Media Interchange (SAMI) files which can be exploited with a specially crafted SAMI file.

DirectX 7.0, 8.1, 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows 2000 DirectX 9.0, 9.0a, 9.0b and 9.0c on Microsoft Windows XP and 2003 DirectX 10.0 on Microsoft Windows Vista and 2008 Server

• http://secunia.com/advisories/30579
• http://www.frsirt.com/english/advisories/2008/1780
• http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
• http://www.us-cert.gov/cas/techalerts/TA08-162B.html
• http://www.zerodayinitiative.com/advisories/ZDI-08-040/

---

Updated on 2015-03-25