MS.DirectShow.AVI.Decoder.Buffer.Overflow

description-logoDescription

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted "strn" element with a modified length value.

affected-products-logoAffected Products

Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on Windows 2000 Service Pack 4
Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 2000 Service Pack 4
Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows XP Service Pack 1
Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows Server 2003

Impact logoImpact

System compromise: remote code execution.

recomended-action-logoRecommended Actions

Microsoft has released a patch for this vulnerability. The patch is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978
2019-02-01 14.540 Name:Microsoft.
DirectShow.
AVI.
Decoder.
Buffer.
Overflow:MS.
DirectShow.
AVI.
Decoder.
Buffer.
Overflow