Intrusion Prevention

MS.DirectX.MJPEG.Stream.Handling.Code.Execution

Description

This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft DirectX.
The vulnerability is caused by an error when the vulnerable software handles crafted MJPEG streams. It allows a remote attacker to execute arbitrary code by sending a crafted AVI file.

Affected Products

Microsoft DirectX 9.0b
Microsoft DirectX 9.0 c
Microsoft DirectX 9.0 a
Microsoft DirectX 9.0
Microsoft DirectX 8.1 b
Microsoft DirectX 8.1 a
Microsoft DirectX 8.1
Microsoft DirectX 10.0

Impact

System Compromise

Recommended Actions

Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx.

CVE References

CVE-2008-0011