HighProventia Network IPS, Proventia Desktop, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Linux technology, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network:
This signature detects a malformed ASF media file which will cause a heap-based buffer overflow in vulnerable software on systems that have not applied updates per Microsoft Security Bulletin MS07-068
High
Proventia Network IPS: XPU 27.070, Proventia Desktop: 2080, Proventia-G 1.1 and earlier: XPU 27.070, Proventia Network MFS: XPU 27.070, Proventia Server IPS for Linux technology: 27.070, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2080, BlackICE Server Protection: 3.6.cqn, BlackICE PC Protection: 3.6cqn, RealSecure Server Sensor: XPU 27.070, RealSecure Network: XPU 27.070
Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows XP: Professional x64, Microsoft Windows Media Format Runtime: 9.5 x64, Microsoft Windows Vista, Microsoft Windows 2003 Server: SP2, Microsoft Windows 2003 Server: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 Professional x64, Microsoft Windows Media Format Runtime: 7.1, Microsoft Windows Media Format Runtime: 9, Microsoft Windows Media Format Runtime: 9.5, Microsoft Windows Media Format Runtime: 11, Microsoft Windows Media Services: 9.1
Unauthorized Access Attempt
Microsoft Windows Media File Format is vulnerable to multiple heap-based buffer overflows, caused by improper validation of Advanced Systems Format (ASF) files. By persuading a victim to open a specially-crafted ASF file, a remote attacker could overflow a buffer and execute arbitrary code on the system. An attacker could exploit these vulnerabilities by sending the malicious file as an email attachment or hosting it on a Web site.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-068. See References.
Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Degradable JPEG Media Stream buffer overflow
http://xforce.iss.net/xforce/xfdb/38827
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format audio_conceal_none buffer overflow
http://xforce.iss.net/xforce/xfdb/38828
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction and type-specific buffer overflow
http://xforce.iss.net/xforce/xfdb/38829
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction buffer overflow
http://xforce.iss.net/xforce/xfdb/38830
IBM Internet Security Systems Protection Advisory Dec. 11, 2007
Multiple (4) Microsoft Windows Media Player .ASF Remote Code Execution Vulnerabilities
http://www.iss.net/threats/279.html
ISS X-Force
Microsoft Windows Media File Format ASF multiple buffer overflows
http://www.iss.net/security_center/static/33225.php
CVE
CVE-2007-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064