Microsoft DirectX DirectPlay denial of service

ms-directx-directplay-dos (16306) The risk level is classified as MediumMedium Risk

Description:

Microsoft DirectX is vulnerable to a denial of service attack, caused by improper validation of packets by the IDirectPlay4 API within DirectPlay, which is a network protocol for games shipped with Microsoft DirectX. By sending a malformed packet, a remote attacker could cause the DirectPlay program to crash.


Consequences:

Denial of Service

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-016. See References.

References:

  • Microsoft Security Bulletin MS04-016: Vulnerability in DirectPlay Could Allow Denial of Service (839643).
  • BID-10487: Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability
  • CVE-2004-0202: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
  • OSVDB ID: 6742: Microsoft DirectPlay Packet Validation DoS
  • SA11802: Microsoft DirectPlay Packet Validation Denial of Service Vulnerability

Platforms Affected:

  • Microsoft Windows 2000 SP3
  • Microsoft Windows 2000 SP4
  • Microsoft Windows 2000 SP2
  • Microsoft Windows 2003 Server x64
  • Microsoft Windows 2003 Server
  • Microsoft Windows 98
  • Microsoft Windows Me
  • Microsoft Windows XP 2003 x64
  • Microsoft Windows XP SP1 x64
  • Microsoft Windows XP
  • Microsoft Windows XP SP1

Reported:

Jun 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page