Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow

Added: 07/07/2009
CVE: CVE-2008-0015
BID: 35558
OSVDB: 55651

Background

DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.

Problem

A stack buffer overflow vulnerability in DirectShow allows command execution when a user loads a page that invokes the BDATuner.IMPEG2TuneRequest ActiveX control to parse a malicious GIF image.

Resolution

Apply one of the workarounds described in Microsoft Security advisory 972890.

References

http://isc.sans.org/diary.html?storyid=6733&rss

Limitations

Exploit requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows XP

Back to exploit index