Title

Microsoft DirectShow Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Microsoft DirectShow. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. To exploit this vulnerability, an attacker would entice a user to open a malicious AVI file or visit a web site hosting malicious content. If successfully exploited, this vulnerability would allow an attacker to compromise the affected systems. At this time, there are no known exploits associated with this vulnerability; JTF-GNO is not aware of any DoD related incidents. DirectShow Heap Overflow Vulnerability - (CVE-2010-0250): A remote code execution vulnerability exists in the way that Microsoft DirectShow parses AVI media files. The Microsoft DirectShow component does not properly handle specially crafted AVI files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-013 (977935). Vulnerable Applications/Systems: Microsoft Windows 2000 SP 4 Windows XP SP 2 and SP 3 Windows XP Professional x64 Edition SP 2 Windows Server 2003 SP 2 (x86, x64 and Itanium) Windows Vista, Windows Vista SP 1 and SP 2 (x86 and x64) Windows Server 2008 and Windows Server 2008 SP 2 (x86*, x64* and Itanium) Windows 7 (x86 and x64) Windows Server 2008 R2 (x64* and Itanium) * Server Core installation not affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Avifil32.dll (977914) Windows 2000 SP4 5.0.2195.7359 Windows XP SP3 5.1.2600.5908 Windows XP SP2 x64 5.2.3790.4625 Windows 2003 SP2 5.2.3790.4625 Quartz.dll (975560) Windows 2000 SP4 (DirectX 9.0) 6.5.1.913 Windows 2000 SP4 6.1.9.738 Windows XP SP3 6.5.2600.5908 Windows XP SP2 x64 6.5.3790.4625 Windows 2003 SP2 6.5.3790.4625 Windows Vista SP1 / 2008 6.0.6001.18389 or 22590 Windows Vista SP2 / 2008 SP2 6.0.6002.18158 or 22295 Windows 7/2008 R2 fixed by SP1 Windows 7 / 2008 R2 6.6.7600.16490 or 20600

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-22679

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.