Multiple Buffer Overruns in Microsoft DirectX

Two buffer-overrun vulnerabilities in Microsoft DirectX can result in the execution of arbitrary code on the vulnerable computer.

Ken Pfeil

July 23, 2003


Reported July 23, 2003, by Microsoft.


VERSIONS AFFECTED


  • Microsoft DirectX 9.0a on Windows Server 2003, Windows XP, Windows 2000, and Windows Me

  • Microsoft DirectX 8.1 on Windows 2003 and XP

  • Microsoft DirectX 7.0 on Windows 2000

  • Microsoft DirectX 7.0a on Windows Me

  • Microsoft DirectX 6.1 on Windows 98 Second Edition (Win98SE)

  • Microsoft DirectX 5.2 on Win98

  • Windows NT 4.0 with Windows Media Player (WMP) 6.4 or Internet Explorer (IE) 6.0 Service Pack 1 (SP1)

  • Windows NT Server 4.0, Terminal Server Edition (WTS) with WMP 6.4 or IE 6.0 SP1


DESCRIPTION


Two buffer-overrun vulnerabilities in Microsoft DirectX can result in the execution of arbitrary code on the vulnerable computer. The vulnerabilities stem from a pair of flaws in all versions of quartz.dll, the component that lets Windows applications play MIDI music through a common interface. An attacker can construct a malicious .mid file and embed it in HTML so that it plays automatically whenever a victim views that content, for example on an attacker-controlled Web site, resulting in the compromise of the victim's machine. For detailed information about this vulnerability, see the discoverer's Web site.
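As an added example, not from the article, Microsoft or eEye: a structural sanity check a defender could run over .mid files before they reach a media parser. It walks the MThd/MTrk chunk layout and flags files whose declared chunk lengths and track counts disagree with the actual bytes, the broad class of malformed input that parser bugs of this kind are triggered by; the MAX_TRACKS and MAX_CHUNK_LEN bounds are assumptions, and the sample files are constructed.

```python
import struct

# Standard MIDI file layout: an "MThd" header chunk (6 data bytes) followed by one
# "MTrk" chunk per track; every chunk is a 4-byte ASCII id plus a 4-byte big-endian
# length that a naive player simply trusts. This checker cross-checks the declared
# values against the real file so inconsistent files can be quarantined up front.

MAX_TRACKS = 256                  # assumption: practical bound for a sanity check
MAX_CHUNK_LEN = 16 * 1024 * 1024  # assumption: larger chunks are treated as suspect


def check_midi(data: bytes) -> list:
    """Return the structural problems found (an empty list means the file looks sane)."""
    problems = []
    if len(data) < 14 or data[:4] != b"MThd":
        return ["missing or truncated MThd header"]
    hdr_len, fmt, ntrks, _division = struct.unpack(">IHHH", data[4:14])
    if hdr_len != 6:
        problems.append(f"MThd length {hdr_len} != 6")
    if fmt not in (0, 1, 2):
        problems.append(f"unknown format {fmt}")
    if ntrks == 0 or ntrks > MAX_TRACKS or (fmt == 0 and ntrks != 1):
        problems.append(f"implausible track count {ntrks} for format {fmt}")
    pos, found = 8 + hdr_len, 0  # honour the declared header length so a bad one shows up
    while pos < len(data):
        if len(data) - pos < 8:
            problems.append(f"{len(data) - pos} trailing bytes at {pos} are too short for a chunk")
            break
        cid, clen = data[pos:pos + 4], struct.unpack(">I", data[pos + 4:pos + 8])[0]
        end = pos + 8 + clen
        if clen > MAX_CHUNK_LEN or end > len(data):
            problems.append(f"chunk {cid!r} at {pos} declares {clen} bytes, past end of file")
            break
        if cid == b"MTrk":
            found += 1
            if clen < 4 or data[end - 3:end] != b"\xff\x2f\x00":  # must end with End-of-Track
                problems.append(f"track {found} lacks a terminating End-of-Track event")
        pos = end
    if found != ntrks:
        problems.append(f"header declares {ntrks} tracks, file contains {found}")
    return problems


# Constructed samples: a well-formed one-track file (one note on/off, then End-of-Track)
# and a file whose header track count and MTrk length both contradict the file.
TRACK = b"\x00\x90\x3c\x40\x60\x80\x3c\x40\x00\xff\x2f\x00"
GOOD = b"MThd" + struct.pack(">IHHH", 6, 1, 1, 96) + b"MTrk" + struct.pack(">I", len(TRACK)) + TRACK
BAD = b"MThd" + struct.pack(">IHHH", 6, 1, 65535, 96) + b"MTrk" + struct.pack(">I", 0xFFFFFFF0) + TRACK
```

A non-empty result is a reason to quarantine the file for analysis, not proof of an exploit; a clean result only says the chunk structure is self-consistent.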


VENDOR RESPONSE


Microsoft has released Security Bulletin MS03-030, "Unchecked Buffer in DirectX Could Enable System Compromise (819696)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.


CREDIT

Discovered by eEye Digital Security.
