Proventia Desktop, Proventia Network IPS, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Server IPS for Linux technology, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology:
This signature detects a malformed SAMI file that could exploit a vulnerability in the quartz.dll module of Windows Media Player to allow remote code execution.
High
Proventia Desktop: 2210, Proventia Network IPS: XPU 28.070, Proventia Network MFS: XPU 28.070, Proventia-G 1.1 and earlier: XPU 28.070, Proventia Server IPS for Linux technology: 28.070, RealSecure Server Sensor: XPU 28.070, RealSecure Network: XPU 28.070, BlackICE PC Protection: 3.6cra, BlackICE Server Protection: 3.6.cra, Proventia Server IPS for Microsoft Windows technology: 2.0.300.2210, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2210
HP Storage Management Appliance: 2.1, Microsoft DirectX: 8.1, Microsoft DirectX: 7.0
Unauthorized Access Attempt
Microsoft Windows DirectX is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of the Synchronized Accessible Media Interchange (SAMI) "Class Name" parameter. By persuading a victim to open a specially crafted SAMI file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-033. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Microsoft Security Bulletin MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
ZDI-08-040
Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-040/
NORTEL BULLETIN ID: 2008008891, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft June security bulletin
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=734247
NORTEL BULLETIN ID: 2008008897, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-033
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=734154
ISS X-Force
Microsoft Windows DirectX SAMI buffer overflow
http://www.iss.net/security_center/static/42674.php
CVE
CVE-2008-1444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444