HTTP: Microsoft DirectX WAV and AVI File Parsing Code Execution
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker can exploit this by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and execute within the security context of the current user. In an unsuccessful attack, the application utilizing the vulnerable DirectX library terminates.
Extended Description
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
Short Name
HTTP:STC:DIRECTX-AVI-WAV-PARSE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AVI CVE-2007-3895 Code DirectX Execution File Microsoft Parsing WAV and bid:26804
Release Date
10/20/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
CVSS Score
9.3