HTTP: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted Targa (TGA) image files that are compressed using the Run-Length Encoding (RLE) method. A remote attacker can exploit this by persuading a user to open a specially crafted TGA file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. It executes within the security context of the current user. In an unsuccessful code injection attack, the application using the affected application terminates immediately.

Extended Description

A heap-based buffer-overflow vulnerability occurs in the Microsoft Windows DirectX component. This issue is related to the processing of compressed Targa image files. The specific vulnerability occurs because of the way these files are opened. A successful exploit will permit attackers to execute arbitrary code in the context of the user who opens a malicious RLE Targa image file. An attacker can exploit this issue through any means that will allow the attacker to deliver a malicious Targa file to a victim user. In web-based attack scenarios, exploits could occur automatically if the malicious page can cause the file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious Targa file.

Affected Products

Microsoft directx_end_user_runtimes

References

BugTraq: 24963

CVE: CVE-2006-4183

Short Name
HTTP:STC:IMG:TARGA-IMG-HEAP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-4183 Compressed DirectX File Heap Image Microsoft Overflow RLE Targa bid:24963
Release Date
10/13/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Microsoft

CVSS Score

6.8

Found a potential security threat?