A vulnerability has been identified in Microsoft DirectShow, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an unspecified error when processing specially crafted compressed files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted MJPEG file or receiving specially crafted streaming content from a Web site or any application that delivers Web content.

Affected Products

Microsoft DirectX 8.1
Microsoft DirectX 9.0

Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx

References

http://www.vupen.com/english/advisories/2009/1025
http://www.microsoft.com/technet/security/Bulletin/MS09-011.mspx
http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Credits

Vulnerability reported by Piotr Bania (Kryptos Logic).

Changelog

2009-04-14 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.