HighIBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a RIFF file specially crafted to overflow a buffer, allowing remote code execution
High
IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 2.0.252.2140, IBM Security Server Protection for Windows: 1.0.914.2140, Proventia Network IDS: XPU 28.010, Proventia-G 1.1 and earlier: XPU 28.010, Proventia Network MFS: XPU 28.010, BlackICE Server Protection: 3.6.cqt, BlackICE PC Protection: 3.6cqt, RealSecure Server Sensor: XPU 28.010, RealSecure Network: XPU 28.010, Proventia Desktop: 2140, Proventia Network IPS: XPU 28.010, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 28.010
Microsoft DirectX: 8.1, Microsoft DirectX: 9.0a, Microsoft DirectX: 9.0, Microsoft DirectX: 9.0b, Microsoft DirectX: 9.0c, Microsoft DirectX: 10.0
Unauthorized Access Attempt
Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system, caused by improper error checking on MJPEG video streams embedded within Audio Video Interleave (AVI) or Advanced Systems Format (ASF) media files. By persuading a victim to open a specially-crafted ASF or AVI, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
NORTEL BULLETIN ID: 2008008891, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft June security bulletin
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=734247
NORTEL BULLETIN ID: 2008008897, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-033
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=734154
HPSBST02344 SSRT080087 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01482941
Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx
Microsoft Security Bulletin MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
http://www.microsoft.com/technet/security/bulletin/ms09-028.mspx
Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
http://www.microsoft.com/technet/security/bulletin/ms10-013.mspx
Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961
http://www.microsoft.com/technet/security/bulletin/ms10-094.mspx
Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
http://www.microsoft.com/technet/security/bulletin/ms12-004.mspx
ISS X-Force
Microsoft Windows DirectX MJPEG decoder code execution
http://www.iss.net/security_center/static/39052.php
CVE
CVE-2008-0011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011