Microsoft MPEG Layer-3 Codecs Memory Corruption Vulnerability
A critical remote code execution vulnerability has been reported in the Microsoft DirectShow MP3 filter. Successful exploitation of this issue may allow the attacker take complete control of an affected system.
Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems, and performs client-side audio and video sourcing, manipulation and rendering within DirectX. The vulnerability is within the MPEG Layer-3 Audio Codecs for Microsoft DirectShow (l3codecx.ax), which fail to properly handle specially crafted media files containing an MPEG Layer-3 audio stream. A remote attacker could trigger this flaw by convincing a victim to open a specially crafted MP3 file.
This vulnerability exists in Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, and Windows Server 2003 X64 Edition SP2.
SolutionCheck Point IPS Software Blade provides immediate network protection in the latest IPS Update by detecting and blocking the transferring of malformed MP3 files over HTTP. For more information, see CPAI-2010-241.
Published August 10, 2010Legal Notice for Threat Center Advisories