Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Critical Vulnerability in Microsoft DirectPlay Can Allow Remote Code Execution

Microsoft Security Bulletin MS12-082CVE-2012-1537 )


A critical remote code execution vulnerability has been reported in the DirectPlay component of the Windows DirectX library. The Check Point IPS Software Blade provides immediate network protection against this issue.


DirectPlay is a high-level software interface between applications and communication services that allows users to connect games over the Internet, a modem link, or a network.

The vulnerability could allow remote code execution by an attacker on a targeted machine if the attacker convinces a user to view specially crafted web content that is designed to invoke Windows Media Player through Internet Explorer.

Affected Products

Please consult the Check Point Protection links in the table below to determine which versions of Windows are affected by each issue.


Check Point recommends applying the updates detailed in MS12-082 to vulnerable systems as soon as is practical. In the meantime, the Check Point IPS Software Blade provides immediate network protection against all of these issues in the latest IPS update by detecting and blocking the vulnerable ActiveX Control. The following table lists each CLSID Identifier with its associated Check Point protection.

DirectPlay CLSID IdentifierCheck Point Protection
CLSID_DirectPlay8Peer  CPAI-2012-1257
CLSID_DirectPlay8Client  CPAI-2012-1258
CLSID_DirectPlay8LobbyClient CPAI-2012-1259
CLSID_DirectPlay8LobbiedApplication CPAI-2012-1260
CLSID_DirectPlay8Address  CPAI-2012-1261


Originally Published:

Last Updated: 12-Dec-2012

Legal Notice for Threat Center Advisories