Microsoft DirectX DirectShow WAV and AVI code execution (RIFF_WAV_DirectShow_Overflow)

About this signature or vulnerability

Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This signature detects a RIFF/WAV file specially crafted to overflow a buffer, allowing code execution.

This signature detects RIFF/WAV file specially crafted to overflow a buffer, allowing code execution.

Default risk level

 High

Sensors that have this signature

Proventia Desktop: 2130, Proventia Network IPS: XPU 27.120, RealSecure Network: XPU 27.120, RealSecure Server Sensor: XPU 27.120, BlackICE Server Protection: 3.6.cqs, BlackICE PC Protection: 3.6cqs, Proventia Network MFS: XPU 27.120, Proventia-G 1.1 and earlier: XPU 27.120, Proventia Network IDS: XPU 27.120, IBM Security Server Protection for Windows: 1.0.914.2130, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 27.120, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft DirectX: 7.0, Microsoft DirectX: 8.1, Microsoft DirectX: 9.0a, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft DirectX: 9.0, Microsoft DirectX: 9.0b, Microsoft DirectX: 9.0c, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft DirectX: 10.0

Type

Unauthorized Access Attempt

Vulnerability description

How to remove this vulnerability

References