AA-2009.0131 -- [Win] -- Microsoft DirectShow: Execute Arbitrary Code

Date: 01 June 2009
Original URL: http://www.auscert.org.au/render.html?cid=40&it=11066
References: ESB-2009.1049

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2009.0131 AUSCERT Advisory
[Win]
Microsoft DirectShow: Execute Arbitrary Code
1 June 2009
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------

Product:              DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
                      DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
                      DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
                      DirectX 9.0 on Windows XP Service Pack 2 and
                      Windows XP Service Pack 3
                      DirectX 9.0 on Windows XP Professional x64 Edition
                      Service Pack 2
                      DirectX 9.0 on Windows Server 2003 Service Pack 2
                      DirectX 9.0 on Windows Server 2003 x64 Edition
                      Service Pack 2
                      DirectX 9.0 on Windows Server 2003 with SP2 for
                      Itanium-based Systems
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-1537
Member content until: Friday, June 26 2009

Revision History:     June 1 2009: Added CVE
                      May 29 2009: Initial Release

OVERVIEW:

A vulnerability in Microsoft DirectX, which could allow remote
execution of arbitrary code, is currently being investigated.

IMPACT:

This vulnerability, which may allow remote execution of arbitrary
code, could be exploited if a user were tricked into opening a
malformed QuickTime media file. It has been established that Windows
2000 Service Pack 4, Windows XP, and Windows Server 2003 are
vulnerable; however, all versions of Windows Vista and Windows
Server 2008 are unaffected. Active exploitation of this vulnerability
has been confirmed. [1]

MITIGATION:

This issue is still under investigation and there is currently no
patch available.

Microsoft has suggested some workarounds, such as:

- Disabling the parsing of QuickTime content in quartz.dll
- Modifying the Access Control List on quartz.dll
- Unregistering quartz.dll

For further details and mitigation strategies, please refer to the
Microsoft website. [1]

REFERENCES:

[1] Microsoft Security Advisory (971778)
    http://www.microsoft.com/technet/security/advisory/971778.mspx

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKIwQONVH5XJJInbgRAsoqAJ9J6LYCyxAUmKI94nVRWtCfzsKyzACeJS/o
AOTRVjYiaAEvEjZakp/Fh70=
=NEjI
-----END PGP SIGNATURE-----