APP: Windows Media Player DirectShow Vulnerability (SMTP)

This signature detects invalid AVI files sent through SMTP. Attackers can send a corrupted AVI file as an e-mail attachment. A successful attack can allow code execution on a Microsoft Windows system.

Extended Description

A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Video Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files. Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file. This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI file. It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.

Affected Products

Avaya s8100_media_servers, Avaya ip600_media_servers

Short Name
APP:WMP:DSHOW-BIGCHUNK-SMTP
Severity
Minor
Recommended
False
Recommended Action
None
Category
APP
Keywords
(SMTP) CVE-2005-2128 DirectShow Media Player Vulnerability Windows bid:15063
Release Date
10/12/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Nortel_networks

Microsoft

Avaya

CVSS Score

5.0
