Bugtraq ID: | 26789 |
Class: | Boundary Condition Error |
CVE: | CVE-2007-3901 |
Remote: | Yes |
Local: | No |
Published: | Dec 11 2007 12:00AM |
Updated: | Jan 12 2008 12:59AM |
Credit: | Jun Mao of VeriSign iDefense is credited with the discovery of this vulnerability. |
Vulnerable: | Nortel Networks Centrex IP Client Manager 9.0; Nortel Networks Centrex IP Client Manager 10.0; Nortel Networks CallPilot 703t; Nortel Networks CallPilot 702t; Nortel Networks CallPilot 201i; Nortel Networks CallPilot 200i; Nortel Networks CallPilot 1002rp; Microsoft DirectX 8.1; Microsoft DirectX 7.0; HP Storage Management Appliance III; HP Storage Management Appliance II; HP Storage Management Appliance I; HP Storage Management Appliance 2.1; Avaya Messaging Application Server MM 3.1; Avaya Messaging Application Server MM 3.0; Avaya Messaging Application Server MM 2.0; Avaya Messaging Application Server MM 1.1; Avaya Messaging Application Server 0 |
DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the application.
NOTE: Windows Media Player 6.4 on Windows 2000 was previously stated not to be an attack vector. The vendor has corrected this information to state that it is a possible attack vector.
Exploit:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit is available:
Solution:
Microsoft has released updates and an advisory to address this issue. Please see the references for more information.
Microsoft DirectX 7.0
- Microsoft Security Update for Windows 2000 (KB941568)
http://www.microsoft.com/downloads/details.aspx?FamilyId=06196774-5a11-4525-b53c-8cb000738949&displaylang=en
References:
- ASA-2007-514 - MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execu (Avaya)
- Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability (iDefense Labs)
- Microsoft DirectX Web Site (Microsoft)
- iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow (iDefense Labs)
- Centrex IP Client Manager (CICM) response to Microsoft December security bulleti (Nortel Networks)
- Microsoft Security Bulletin MS07-064 (Microsoft)
- Nortel Response to Microsoft Security Bulletin MS07-064 (Nortel Networks)
- Vulnerability Note VU#804089 Microsoft DirectX SAMI parsing buffer overflow (US-CERT)