Overview
A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in the DirectShow architecture may allow a buffer overflow to occur in applications or components that use DirectShow. If a remote, unauthenticated attacker supplies an application or component that uses DirectShow with a specially crafted media file, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code. For more information, including a list of affected software, please see MS05-050.
Impact
By convincing a user to open a specially crafted media file with an application that uses DirectShow, an attacker may be able to execute arbitrary code with the privileges of the user.
Solution
Apply an update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-050.
Do not accept media files from untrusted sources
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin MS05-050. Microsoft credits eEye Digital Security for reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
CVE IDs: CVE-2005-2128
Severity Metric: 14.70
Date Public: 2005-10-11
Date First Published: 2005-10-11
Date Last Updated: 2005-10-14 17:37 UTC
Document Revision: 29