Outpost Personal Firewall - Vulnerability in DirectShow May Lead to Remote Code Execution
Agnitum Security Advisories
ASA-07-0510-4: Vulnerability in DirectShow May Lead to Remote Code Execution
Vulnerability summary:
Severity rating: Critical
Date Published: October 11, 2005
Software Vendor: Microsoft
Affected Software: DirectX component (DirectShow)
Affected OS: Windows XP (all), Windows Server 2003 (all), Microsoft Windows XP Professional x64 Edition, Windows 2000 (all), Windows 98 (incl. SE), Windows Millennium Edition (ME)
Unaffected with: -
Vulnerability class: Remote Code Execution
Status: Fixed
Vulnerability details:
Tech brief:
A remote code execution vulnerability exists in DirectShow. An attacker who successfully exploits it could take complete control of the affected system: install arbitrary programs; view, change, or delete data; or create new accounts with full user rights. Users with limited user rights are less exposed than those with full administrative access rights.
The problem is caused by an unchecked buffer in DirectShow, which is used for streaming media on Microsoft Windows operating systems. The technology is used for high-quality capture and playback of multimedia streams. DirectShow automatically detects and uses video and audio acceleration hardware when available. It is also integrated with other DirectX technologies. Applications that rely on DirectShow include DVD players, video editing applications, AVI to ASF converters, MP3 players, and digital video capture applications.
According to the vulnerability report, an attacker can exploit the vulnerability by sending a specially crafted *.avi media file to the affected system and getting the recipient to open the file. The message could then cause malicious code (worm, virus, Trojan horse) to be installed, confidential data to be read, or the target system to be taken over.
Vendor reference information:
Vendor details pertaining to the problem are available here:
http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
General Mitigating Recommendations:
Install the latest vendor patches available at http://windowsupdate.microsoft.com.
Do not run files obtained from doubtful sources.
How Outpost Firewall PRO protects you:
With Outpost's Attachment Quarantine plug-in you can specify which types of downloaded email attachments should be blocked from being accidentally opened by a user. This will prevent potentially dangerous files from exploiting OS flaws.
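The kind of attachment-type check described above, sketched as an added example (this is not Agnitum's code and not how the Outpost plug-in is implemented): it walks a MIME message and flags attachments that carry an .avi extension or the RIFF/AVI container signature, so a renamed file is still caught. The function names, the blocked-extension policy and the sample message are assumptions constructed for illustration.

```python
"""Added example: flag AVI e-mail attachments by extension or RIFF/AVI signature."""
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".avi"}  # assumption: site policy quarantines AVI files


def is_riff_avi(data: bytes) -> bool:
    # RIFF container: "RIFF" + 4-byte little-endian size + form type "AVI "
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"AVI "


def quarantine_candidates(raw_message: bytes):
    """Return [(filename, reason)] for attachments that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if is_riff_avi(payload):
            # Content check first: catches AVI data behind any file name.
            hits.append((name, "RIFF/AVI signature"))
        elif any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append((name, "blocked extension"))
    return hits


def build_sample() -> bytes:
    # Constructed sample message: harmless placeholder bytes, not real media.
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    avi_header = b"RIFF" + (4).to_bytes(4, "little") + b"AVI "
    octet = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(avi_header, maintype="video", subtype="x-msvideo",
                       filename="clip.avi")
    # Same container bytes hidden behind a different extension.
    msg.add_attachment(avi_header, filename="notes.txt", **octet)
    msg.add_attachment(b"plain text", filename="readme.txt", **octet)
    msg.add_attachment(b"not a riff file", filename="empty.AVI", **octet)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in quarantine_candidates(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```

A type filter like this only keeps the file from being opened by accident; it does not tell a malformed AVI from a valid one, so the vendor patch remains the fix.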
Disclaimer:
Information in the present advisory is believed to be accurate as of the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
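About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes a wide range of Internet and IP-based network IT products, including communication systems, security, networking and media products. Through its extensive network, points of sale, distributors and partners, Version 2 Limited provides products and services that are widely praised in the market. Version 2 Limited's customers come from all industries, including Global 1000 multinational corporations, listed companies, public utilities, government departments, numerous successful SMEs and customers from cities across Asia.
If you are interested in the products, please visit the following URLs: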
http://www.version-2.com/op
http://www.version-2.com/nod32op

