Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) |
| Informations | |||
|---|---|---|---|
| Name | MS09-028 | First vendor Publication | 2009-07-14 |
| Vendor | Microsoft | Last vendor Modification | 2009-08-19 |
| Severity (Vendor) | Critical | Revision | 2.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V2.0 (August 19, 2009): Bulletin updated to reflect that the update for DirectX 8.1 also applies to DirectX 8.1b.Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-028.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5963 | |||
| Oval ID: | oval:org.mitre.oval:def:5963 | ||
| Title: | DirectX Pointer Validation Vulnerability | ||
| Description: | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1538 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6237 | |||
| Oval ID: | oval:org.mitre.oval:def:6237 | ||
| Title: | DirectX NULL Byte Overwrite Vulnerability | ||
| Description: | Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1537 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6341 | |||
| Oval ID: | oval:org.mitre.oval:def:6341 | ||
| Title: | DirectX Size Validation Vulnerability | ||
| Description: | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1539 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft DirectX DirectShow QuickTime movie parsing vulnerability | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-07-15 | Name : Microsoft DirectShow Remote Code Execution Vulnerability (961373) File : nvt/secpod_ms09-028.nasl |
| 2009-06-01 | Name : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution File : nvt/secpod_ms_directx_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 55845 | Microsoft DirectX DirectShow quartz.dll QuickTime NumberOfEntries Field Memor... Microsoft Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality and/or availability. |
| 55844 | Microsoft DirectX DirectShow QuickTime File Pointer Validation Arbitrary Code... MS Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow remote code execution resulting in a loss of integrity. |
| 54797 | Microsoft DirectX DirectShow quartz.dll QuickTime NULL Byte Overwrite Arbitra... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51557 - Revision : 1 - Type : OS-WINDOWS |
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51556 - Revision : 1 - Type : OS-WINDOWS |
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51555 - Revision : 1 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt RuleID : 23565 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption... RuleID : 15682 - Revision : 16 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 15680 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt RuleID : 15517 - Revision : 18 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-07-14 | Name : It is possible to execute arbitrary code on the remote Windows host using Dir... File : smb_nt_ms09-028.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:15 |
|
| 2014-01-19 21:30:19 |
|
