Microsoft DirectX DirectPlay denial of service

ms-directx-directplay-dos (16306) The risk level is classified as LowLow Risk

Description:

Microsoft DirectX is vulnerable to a denial of service attack, caused by improper validation of packets by the IDirectPlay4 API within DirectPlay, which is a network protocol for games shipped with Microsoft DirectX. By sending a malformed packet, a remote attacker could cause the DirectPlay program to crash.

Platforms Affected:

  • Microsoft, Windows 2000 SP4
  • Microsoft, Windows 2000 SP2
  • Microsoft, Windows 2000 SP3
  • Microsoft, Windows 2003 Server x64
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows 98
  • Microsoft, Windows Me
  • Microsoft, Windows XP 2003 64-bit
  • Microsoft, Windows XP
  • Microsoft, Windows XP SP1
  • Microsoft, Windows XP SP1 64-bit

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-016. See References.

Consequences:

Denial of Service

References:

  • Microsoft Security Bulletin MS04-016, Vulnerability in DirectPlay Could Allow Denial of Service (839643) at http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx.
  • BID-10487: Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability
  • CVE-2004-0202: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
  • OSVDB ID: 6742: Microsoft DirectPlay Packet Validation DoS
  • SA11802: Microsoft DirectPlay Packet Validation Denial of Service Vulnerability

Reported:

Jun 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page