[PCWorks] Microsoft DirectShow MJPEG Decompression Vulnerability

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 15 Apr 2009 07:21:52 -0500

TITLE:
Microsoft DirectShow MJPEG Decompression Vulnerability

Where: From remote

SECUNIA ADVISORY ID:
SA34665

VERIFY ADVISORY:
http://secunia.com/advisories/34665/

DESCRIPTION:
A vulnerability has been reported in Microsoft DirectX, which 
can be
exploited by malicious people to potentially compromise a 
user's
system.

The vulnerability is caused due to an error when decompressing 
MJPEG
content and can be exploited via a specially crafted MJPEG 
file.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

-- DirectX 8.1 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0ec5b7c7-13d3-467a-b24e-3cc6fb47adf6


-- DirectX 9.0 --

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8b98ed5c-a3ab-45a7-a61e-349eae304bc6

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=feb5d821-f210-40e8-b1aa-2ca3170df8df

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f1be8b7c-4874-4342-99b3-76ff725fbb9a

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c1b4cd76-1dd6-43fa-bb9a-20c428985bfd

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f0e1e1db-94a5-451c-ab11-6b431fa065f1

Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8f36c215-fa8a-40c2-b680-6b1fece03b8d

CHANGELOG:
MS09-011 (KB961373):
http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Microsoft DirectShow MJPEG Decompression Vulnerability - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 04-2009