MS-ISAC ADVISORY NUMBER:
2008-022

DATE(S) ISSUED:
6/10/2008

SUBJECT:
Two Vulnerabilities in DirectX Could Allow Remote Code Execution

OVERVIEW:
Two vulnerabilities have been discovered in Microsoft DirectX which could allow a remote attacker to take complete control of an affected system. DirectX is Microsoft software that adds enhanced multimedia functionality. These vulnerabilities can be exploited if a user opens an email attachment containing a malicious media file or visits a web site hosting malicious media files. Successful exploitation of these vulnerabilities will allow an attacker to gain the same rights as the logged on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. This could lead to complete control of the compromised system. Unsuccessful exploitation attempts may cause a program to crash.

SYSTEMS AFFECTED:

  • DirectX 7.0
  • DirectX 8.1
  • DirectX 9.0
  • DirectX 10.0

RISK:

Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: High

DESCRIPTION:
Two vulnerabilities have been discovered in the way Microsoft DirectX processes certain types of media files. Microsoft DirectX is a collection of application programming interfaces related to multimedia programming and video on Microsoft platforms. Details of these vulnerabilities are as follows:

MJPEG Decoder Vulnerability
A vulnerability has been discovered in the way the Windows MJPEG Codec handles MJPEG video streams embedded in ASF or AVI files. MJPEG is a multimedia format which allows for individual video frames to be compressed as a JPEG image, creating a video stream. In order to exploit this vulnerability, an attacker would either need to host malicious content on a website, send the malicious content via email, or distribute via other file delivery mechanisms.

SAMI Format Parsing Vulnerability
A vulnerability has been discovered in the way DirectX handles SAMI (Synchronized Accessible Media Interchange) media files. SAMI files are used to caption digital media. In order to exploit this vulnerability, an attacker would need to convince a user to visit a malicious website.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing
  • Run all software as a non-privileged user (one without administrative privilege) to diminish the effects of a successful attack.
  • Do not visit untrusted websites or follow links provided by unknown or un-trusted sources.
  • Do not open email attachments from untrusted sources.

REFERENCES:

Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-033.mspx(New Window)

Security Focus:
http://www.securityfocus.com/bid/28581(New Window)
http://www.securityfocus.com/bid/29578(New Window)

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0011(New Window)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444(New Window)



This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.