MA-180.072009: MyCERT Alert - Multiple Vulnerabilities in Microsoft DirectShow

1.0 Introduction

Multiple vulnerabilities have been identified in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

2.0 Impact

By exploiting these vulnerabilities, an attacker could execute arbitrary code on vulnerable installations of Microsoft DirectShow and gain the same privileges as the user. These vulnerabilities could be exploited to install malware on the user's computer.

3.0 Affected Products

Microsoft DirectX on the Microsoft Windows operating systems listed below is affected by these vulnerabilities:

- DirectX 7.0
  - Microsoft Windows 2000 Service Pack 4
- DirectX 8.1
  - Microsoft Windows 2000 Service Pack 4
- DirectX 9.0
  - Microsoft Windows 2000 Service Pack
  - Windows XP Service Pack 2 and Windows XP Service Pack 3
  - Windows XP Professional x64 Edition Service Pack 2
  - Windows Server 2003 Service Pack 2
  - Windows Server 2003 x64 Edition Service Pack 2
  - Windows Server 2003 with SP2 for Itanium-based Systems

4.0 Recommendation

MyCERT recommends that users enable the Automatic Updates feature so that the security update is downloaded and installed automatically. For information about specific configuration options in automatic updating, please refer to this URL: http://support.microsoft.com/kb/294871

Users who are unable to update through the Automatic Updates feature can manually download the patch for their specific DirectX version and operating system:

- DirectX 7.0
- DirectX 8.1
- DirectX 9.0

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor. Users who receive a suspicious URL can forward it to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References