Microsoft DirectX SAMI parser buffer overflow

Added: 01/22/2008
CVE: CVE-2007-3901
BID: 26789
OSVDB: 39126

Background

DirectX is a feature of the Windows operating system used for streaming media.

Problem

A buffer overflow vulnerability in DirectX allows command execution when a user opens a specially crafted SAMI file in Windows Media Player.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-064.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632

Limitations

Exploit works on Windows 2000 with DirectX 7.0 (4.07.00.0700) or DirectX 8.1 (4.08.01.0881). Successful exploitation requires a user to open the exploit file in Windows Media Player 6.4.

Platforms

Windows 2000

Back to exploit index