Microsoft DirectX MIDI buffer overflows
| ms-directx-midi-bo (12702) |  High Risk |
Description:
Microsoft DirectX is vulnerable to two buffer overflows in a function used by DirectShow, caused by improper filtering of Musical Instrument Digital Interface (MIDI) files. By creating a malicious MIDI file, a remote attacker could overflow a buffer and execute arbitrary code on the system, once the victim views the malicious file. An attacker could exploit this vulnerability by sending the malicious file to a victim as an email attachment or by hosting it on a Web page.
Platforms Affected:
- Microsoft, DirectX 5.2
- Microsoft, DirectX 6.1
- Microsoft, DirectX 7.0
- Microsoft, DirectX 7.0a
- Microsoft, DirectX 8.1
- Microsoft, DirectX 9.0a
- Microsoft, Windows 2003 Server
- Microsoft, Windows NT 4.0 Terminal Server
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Wed Jul 23 2003 - 16:49:42 CDT , EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption at http://archives.neohapsis.com/archives/bugtraq/2003-07/0303.html.
- CERT Advisory CA-2003-18, Integer Overflows in Microsoft Windows DirectX MIDI Library at http://www.cert.org/advisories/CA-2003-18.html.
- CIAC Information Bulletin N-126, Microsoft Unchecked Buffer in DirectX Could Enable System Compromise at http://www.ciac.org/ciac/bulletins/n-126.shtml.
- Microsoft Security Bulletin MS03-030, Unchecked Buffer in DirectX Could Enable System Compromise (819696) at http://www.microsoft.com/technet/security/bulletin/ms03-030.mspx.
- Microsoft Security Bulletin MS05-050, Vulnerability in DirectShow Could Allow Remote Code Execution (904706) at http://www.microsoft.com/technet/security/Bulletin/MS05-050.mspx.
- Microsoft Security Bulletin MS07-064, Vulnerabilities in DirectShow Could Allow Remote Code Execution (941568) at http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx.
- Microsoft Security Bulletin MS08-033, Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) at http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx.
- Microsoft Security Bulletin MS09-011, Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) at http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx.
- BID-8262: Microsoft DirectShow MIDI Filetype Buffer Overflow Vulnerability
- CVE-2003-0346: Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
- US-CERT VU#265232: Microsoft Windows DirectX MIDI library does not adequately validate MThd track values in MIDI files
- US-CERT VU#561284: Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files
Reported:
Jul 23, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net