
SANS Internet Storm Center, InfoSec Forums


MS05-050 Vulnerability in DirectShow
KB: 904706
CVE: CAN-2005-2128

DirectShow is part of DirectX. This component is used to play audio and video streams. DirectX is able to do so quickly and efficiently by taking advantage of hardware-specific acceleration.

To trigger this vulnerability, a user has to open a malicious .avi video file. If opened, the file may execute arbitrary code. The vulnerability cannot escalate privileges by itself, so whatever damage is done will be limited to files the user running DirectShow has access to.

Malicious .avi files would likely be delivered as an instant message link, as a URL on a web site, or as an attachment to an e-mail message.

Standard "safe computing" practices will help mitigate this vulnerability. For example, do not log in as "Administrator" for day-to-day work, and avoid accessing untrusted web sites. However, these steps are not perfect and patching is highly recommended.

In some cases, in particular on servers, you may be able to do without DirectX. Let us know if you have a recipe on how to disable DirectX.

http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx
Joshua
