Preemptive Protection against a Vulnerability in Microsoft DirectShow (MS05-050)
| Attack ID: | CPAI-2005-137 |
 |
|
| Publish Date: | |
|
|
| Last Update: | |
|
|
| Category: | Content Protection |
|
|
| Vulnerable Systems: | DirectX 8.1 DirectX 9.0 Windows 2000 Windows 2003 Windows 2003 SP1 Windows ME Windows XP Windows XP SP2 |
|
|
| Source: | Microsoft Security Bulletin MS05-050 |
|
|
| Description: | Microsoft DirectShow is a program that is used for streaming media on Microsoft Windows Operating Systems. A remote code execution vulnerability exists in the Microsoft DirectShow. An attacker who successfully exploits this vulnerability can take complete control over an affected system. |
|
|
| Severity: | |
| Details: | An AVI file header can include multiple streams of data. The vulnerability lies within a specific stream name chunk. |
|
|
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55, R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will identify the following log entries: Attack Name: AVI content protection violation Attack Information: Malformed AVI Users of VPN-1 NG with Application Intelligence R55 will receive rule 99804 on the SmartView Tracker screen. |
|
|
| Solution: | Users of VPN-1 NG with Application Intelligence R55 & R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined in CPAI-2005-130 are preemptively against this vulnerability. |
|
|
| Industry Reference: | CAN-2005-2128 |
|
|
| Additional Information: | Zone Labs Security Advisory |