HighIBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, Proventia Desktop, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a malformed ASF media file which will cause a heap-based buffer overflow in vulnerable software on systems that have not applied updates per Microsoft Security Bulletin MS07-068
High
IBM Security Server Protection for Windows: 1.0.914.2080, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 27.070, Proventia-G 1.1 and earlier: XPU 27.070, Proventia Network MFS: XPU 27.070, BlackICE Server Protection: 3.6.cqn, BlackICE PC Protection: 3.6cqn, RealSecure Network: XPU 27.070, RealSecure Server Sensor: XPU 27.070, Proventia Network IPS: XPU 27.070, Proventia Desktop: 2080, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 27.070
Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows XP: x64 Professional, Microsoft Windows Media Format Runtime: 9.5 x64, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Media Format Runtime: 7.1, Microsoft Windows Media Format Runtime: 9, Microsoft Windows Media Format Runtime: 9.5, Microsoft Windows Media Format Runtime: 11, Microsoft Windows Media Services: 9.1
Unauthorized Access Attempt
Microsoft Windows Media File Format is vulnerable to multiple heap-based buffer overflows, caused by improper validation of Advanced Systems Format (ASF) files. By persuading a victim to open a specially-crafted ASF file, a remote attacker could overflow a buffer and execute arbitrary code on the system. An attacker could exploit these vulnerabilities by sending the malicious file as an email attachment or hosting it on a Web site.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Degradable JPEG Media Stream buffer overflow
http://xforce.iss.net/xforce/xfdb/38827
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format audio_conceal_none buffer overflow
http://xforce.iss.net/xforce/xfdb/38828
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction and type-specific buffer overflow
http://xforce.iss.net/xforce/xfdb/38829
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction buffer overflow
http://xforce.iss.net/xforce/xfdb/38830
IBM Internet Security Systems Protection Advisory Dec. 11, 2007
Multiple (4) Microsoft Windows Media Player .ASF Remote Code Execution Vulnerabilities
http://www.iss.net/threats/279.html
Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
ISS X-Force
Microsoft Windows Media File Format ASF multiple buffer overflows
http://www.iss.net/security_center/static/33225.php
CVE
CVE-2007-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064