Security Intelligence Operations
Microsoft DirectX MJPEG Decoder Code Execution Vulnerability
Vulnerability Alert

Threat Type: Unintended Weakness: Arbitrary Code Execution
IntelliShield ID: 16005
Version: 4
First Published: June 10, 2008 03:50 PM EDT
Last Published: July 17, 2008 11:32 AM EDT
Vector: Network
Authentication: None
Exploit: Unproven
Port: Not Available
CVE: CVE-2008-0011
BugTraq ID: 29581
Urgency: Unlikely Use
Credibility: Confirmed
Severity: Moderate Damage
CVSS Base: 9.3 (CVSS Version 2)
CVSS Temporal: 6.9

Version Summary: Microsoft has re-released a security bulletin with additional affected products to address the Microsoft DirectX MJPEG Decoder code execution vulnerability.

Description

Microsoft DirectX versions 8.1, 9.0, and 10.0 contain a vulnerability that can allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is due to improper validation of MJPEG video contained within Advanced Systems Format (ASF) or Audio Video Interleave (AVI) files. An unauthenticated, remote attacker could exploit the vulnerability by convincing a user to open a malicious media file. When the file is opened, code execution could occur with the privileges of the user.
Microsoft has confirmed the vulnerability in a security bulletin and released software updates.

Warning Indicators

The following Microsoft DirectX products are vulnerable:
Microsoft DirectX version 8.1
Microsoft DirectX version 9.0
Microsoft DirectX version 9.0a
Microsoft DirectX version 9.0b
Microsoft DirectX version 9.0c
Microsoft DirectX version 10.0

IntelliShield Analysis

To exploit the vulnerability, an attacker must convince the user to open a malicious .asf or .avi file. An exploit could allow the attacker to execute arbitrary code with the privileges of the user. An attacker can only gain limited permissions on systems that restrict user privileges; however, an attacker could completely compromise systems that grant users administrative privileges, as any code would execute with the privileges of the user.
Microsoft corrected the vulnerability by increasing the validation of MJPEG video streams.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities disclosed in this month's Microsoft security bulletin release that can be identified or mitigated using Cisco devices. This Cisco bulletin is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for June 2008

Vendor Announcements

Microsoft has re-released a security bulletin at the following link: MS08-033
Avaya has released a security advisory at the following link: ASA-2008-235
Nortel has released a security bulletin at the following link: 2008008897

Impact

An unauthenticated, remote attacker could exploit the vulnerability to execute arbitrary code with user privileges. The level of user privilege determines the degree of system compromise. If the user possesses administrative privileges, an exploit could result in a complete system compromise.

Technical Information

The vulnerability is due to improper validation of embedded MJPEG video streams within .asf and .avi files. An attacker could exploit the vulnerability by delivering a malicious file, either by hosting the file on a website or by sending a file directly to the user via e-mail or another messaging system, and convincing the user to open the file. An exploit could result in the execution of arbitrary code with the privileges of the user who opened the file.
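
As an added triage example (not part of this alert and not Microsoft's fix), the following Python code reads the RIFF header of an .avi file and reports whether any video stream declares the MJPG FourCC, so such files can be held for review on hosts still awaiting the update. The function names, the constructed header-only samples and the choice of `MJPG` as the only FourCC checked are assumptions of this example; ASF containers are not parsed.

```python
import struct

MJPEG_FOURCCS = {b"MJPG"}  # assumption: extend with other MJPEG FourCCs seen locally

def riff_chunks(buf, start, end):
    """Yield (fourcc, data_start, data_end) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        data_start = pos + 8
        yield fourcc, data_start, min(data_start + size, end)  # clamp lying sizes
        pos = data_start + size + (size & 1)  # chunk data is padded to even length

def avi_video_codecs(buf):
    """Return the video FourCCs declared in an AVI header, or None if not an AVI."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"AVI ":
        return None
    codecs = set()

    def walk(start, end, depth):
        is_video = False
        for fourcc, ds, de in riff_chunks(buf, start, end):
            if fourcc == b"LIST" and depth < 4 and buf[ds:ds + 4] in (b"hdrl", b"strl"):
                walk(ds + 4, de, depth + 1)
            elif fourcc == b"strh" and de - ds >= 8:
                is_video = buf[ds:ds + 4] == b"vids"
                if is_video:
                    codecs.add(buf[ds + 4:ds + 8].upper())    # AVISTREAMHEADER.fccHandler
            elif fourcc == b"strf" and is_video and de - ds >= 20:
                codecs.add(buf[ds + 16:ds + 20].upper())      # BITMAPINFOHEADER.biCompression

    walk(12, len(buf), 0)
    return codecs

def needs_review(buf):
    """True when the buffer is an AVI whose header declares an MJPEG video stream."""
    codecs = avi_video_codecs(buf)
    return bool(codecs) and not MJPEG_FOURCCS.isdisjoint(codecs)

def chunk(fourcc, data):
    return fourcc + struct.pack("<I", len(data)) + data + bytes(len(data) & 1)

def sample_avi(handler, compression):
    """Constructed header-only AVI (no frame data) used to exercise the parser."""
    bih = struct.pack("<IiiHH4s", 40, 320, 240, 1, 24, compression) + bytes(20)
    strl = b"strl" + chunk(b"strh", b"vids" + handler + bytes(48)) + chunk(b"strf", bih)
    hdrl = b"hdrl" + chunk(b"avih", bytes(56)) + chunk(b"LIST", strl)
    body = b"AVI " + chunk(b"LIST", hdrl)
    return b"RIFF" + struct.pack("<I", len(body)) + body
```

Passing the first 64 KiB of a file to `needs_review` is normally enough, because the `hdrl` list precedes the frame data. A `True` result only says the file uses the codec named in this alert; it does not indicate that the file is malicious.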

Safeguards

Administrators are advised to apply the applicable software updates.
Users are advised not to follow links from untrusted sources. Users are advised to verify unexpected links from trusted sources before following them.
Users are advised not to open files from untrusted sources. Users are advised to verify unexpected files from trusted sources before opening them.
Users are advised not to visit untrusted websites.
Users are advised to run applications with the least necessary privileges.

Patches/Software

Microsoft has released updated software at the following links:
Microsoft DirectX 8.1
Microsoft DirectX 9.0, DirectX 9.0a, DirectX 9.0b, or DirectX 9.0c
Microsoft DirectX 10.0

Alert History

Version 3, June 17, 2008, 3:49 PM: Nortel has released a security advisory to address the Microsoft DirectX MJPEG Decoder code execution vulnerability.
Version 2, June 12, 2008, 2:53 PM: Avaya has released a security advisory to address the Microsoft DirectX MJPEG Decoder code execution vulnerability.
Version 1, June 10, 2008, 3:50 PM: Microsoft DirectX contains a vulnerability that can allow an unauthenticated, remote attacker to execute arbitrary code. Updates are available.
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.