This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:WMP:DSHOW-BIGCHUNK-SMTP
|
Severity |
Minor
|
Recommended |
No
|
Category |
APP
|
Keywords |
Windows Media Player DirectShow Vulnerability (SMTP)
|
Release Date |
2005/10/11
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Windows Media Player DirectShow Vulnerability (SMTP)
This signature detects invalid AVI files sent through SMTP. Attackers can send a corrupted AVI file as an e-mail attachment. A successful attack can allow code execution on a Microsoft Windows systems.
Extended Description
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Visual Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files.
Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.
This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI.
It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.
Affected Products
- Avaya definityone_media_servers R10
- Avaya definityone_media_servers R11
- Avaya definityone_media_servers R12
- Avaya definityone_media_servers R6
- Avaya definityone_media_servers R7
- Avaya definityone_media_servers R8
- Avaya definityone_media_servers R9
- Avaya definityone_media_servers
- Avaya ip600_media_servers R10
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers R12
- Avaya ip600_media_servers R6
- Avaya ip600_media_servers R7
- Avaya ip600_media_servers R8
- Avaya ip600_media_servers R9
- Avaya ip600_media_servers
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R11
- Avaya s8100_media_servers R12
- Avaya s8100_media_servers R6
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers
- Avaya unified_communication_center
- Microsoft directx 7.0
- Microsoft directx 8.0
- Microsoft directx 8.0 a
- Microsoft directx 8.1
- Microsoft directx 8.1 a
- Microsoft directx 8.1 b
- Microsoft directx 8.2
- Microsoft directx 9.0
- Microsoft directx 9.0 a
- Microsoft directx 9.0b
- Microsoft directx 9.0 c
- Microsoft small_business_server_2003
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Microsoft windows_98
- Microsoft windows_98se
- Microsoft windows_me
- Microsoft windows_media_player 9.0
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Nortel_networks callpilot 1.0.7
- Nortel_networks callpilot 2.0.0
- Nortel_networks callpilot 3.0.0
- Nortel_networks callpilot 4.0.0
- Nortel_networks centrex_ip_client_manager 2.5.0
- Nortel_networks centrex_ip_element_manager 2.5.0
References