MS05-050 Vulnerability in DirectShow

Published: 2005-10-11
Last Updated: 2005-10-11 20:07:04 UTC
by Joshua Wright (Version: 2)
KB: 904706
CVE: CAN-2005-2128

DirectShow is part of DirectX. This component is used to play back audio and video streams. DirectX is able to do so very fast and efficiently by taking advantage of hardware-specific acceleration.

To trigger this vulnerability, a user has to open a malicious .avi video file. If the file is opened, it may execute arbitrary code with the privileges of the logged-on user. The vulnerability does not escalate privileges by itself, so any damage is limited to what the user running DirectShow has access to.

Malicious .avi files would likely be delivered as a link in an instant message, as a URL on a web site, or as an attachment to an e-mail message.
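Because the delivery vectors are attachments and downloads, a mail gateway or proxy that filters on the ".avi" extension alone will miss renamed files and will pass renamed executables as video. The following is an added example (not code from the ISC diary or from Microsoft) that identifies AVI content by its RIFF header regardless of file name, walks the top-level chunks, and flags declared sizes that run past the end of the file. It does not detect the specific MS05-050 trigger, which the diary does not describe; the sample files, the function names and the `triage` result layout are this example's own assumptions.

```python
import struct

# Added example, not from the ISC diary: identify AVI content by its RIFF header
# rather than by file extension, and flag chunks whose declared sizes overrun the
# file. Useful at a mail gateway or proxy when deciding what to quarantine.
# It does NOT detect the specific MS05-050 trigger (not described in the diary);
# the real fix is the KB904706 patch.

RIFF_HEADER_LEN = 12  # "RIFF" + 4-byte little-endian size + "AVI "


def is_riff_avi(data: bytes) -> bool:
    """True if data begins with a RIFF form of type 'AVI ', whatever its file name."""
    return len(data) >= RIFF_HEADER_LEN and data[:4] == b"RIFF" and data[8:12] == b"AVI "


def walk_riff_chunks(data: bytes):
    """Yield (fourcc, size, offset) for each top-level chunk in the RIFF form.

    Raises ValueError for a RIFF size or chunk size that runs past the end of
    the buffer, i.e. the gross structural corruption a malformed file shows.
    """
    if not is_riff_avi(data):
        raise ValueError("not a RIFF/AVI file")
    riff_size = struct.unpack_from("<I", data, 4)[0]  # bytes following the size field
    end = 8 + riff_size
    if end > len(data):
        raise ValueError(f"RIFF size {riff_size} exceeds buffer length {len(data)}")
    pos = RIFF_HEADER_LEN
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        if pos + 8 + size > end:
            raise ValueError(
                f"chunk {fourcc!r} at offset {pos} claims {size} bytes, only {end - pos - 8} remain")
        yield fourcc, size, pos
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length


def triage(data: bytes) -> dict:
    """Classify a blob: whether it is AVI, its top-level chunk fourccs, and any structural error."""
    if not is_riff_avi(data):
        return {"avi": False, "chunks": [], "error": None}
    try:
        chunks = [fourcc.decode("ascii", "replace") for fourcc, _, _ in walk_riff_chunks(data)]
        return {"avi": True, "chunks": chunks, "error": None}
    except ValueError as exc:
        return {"avi": True, "chunks": [], "error": str(exc)}


def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    """Build one RIFF chunk with the mandatory even-length padding (used for the samples)."""
    return fourcc + struct.pack("<I", len(payload)) + payload + (b"\0" if len(payload) & 1 else b"")


# Constructed samples (not real files): a minimal well-formed AVI, the same file with
# its first chunk size corrupted to 0xFFFFFFFF, and an executable stub renamed to .avi.
_body = (b"AVI "
         + _chunk(b"LIST", b"hdrl" + _chunk(b"avih", b"\0" * 56))
         + _chunk(b"LIST", b"movi")
         + _chunk(b"JUNK", b"\0" * 4))
GOOD_AVI = b"RIFF" + struct.pack("<I", len(_body)) + _body
BAD_AVI = GOOD_AVI[:16] + struct.pack("<I", 0xFFFFFFFF) + GOOD_AVI[20:]
NOT_AVI = b"MZ" + b"\0" * 62  # a PE stub named holiday.avi is still not an AVI

if __name__ == "__main__":
    for name, blob in (("good.avi", GOOD_AVI), ("bad.avi", BAD_AVI), ("holiday.avi", NOT_AVI)):
        print(name, triage(blob))
```

A gateway would apply `triage` to every attachment and download, quarantining anything that is AVI by magic (whatever its extension) until the endpoint fleet has KB904706, and anything with a structural error outright. Content sniffing is the point: an "image.jpg" that is really RIFF/AVI will still be handed to DirectShow once a user saves and opens it.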

Standard "safe computing" practices will help mitigate this vulnerability. For example, do not log in as "Administrator" for day-to-day work and avoid accessing untrusted web sites. However, these steps are not perfect and patching is highly recommended.

In some cases, in particular on servers, you may be able to do without DirectX. Let us know if you have a recipe on how to disable DirectX.
