Vulnerabilities Discovered for Microsoft DirectX

As some of you may know, Palo Alto Networks discovered 2 critical vulnerabilities for Microsoft DirectX which were released today via Microsoft’s July security bulletin. Successful exploitation of these critical vulnerabilities can allow an attacker to run remote code on a victim’s PC. The 2 vulnerabilities CVE-2009-1538 (DirectX Pointer Validation Vulnerability) and CVE-2009-1539 (DirectX Size Validation Vulnerability) affect Microsoft’s DirectX on Windows XP and Windows Server 2003. We suggest that end users run Microsoft update to get their systems patched accordingly. To give you a little more background, let’s take a look at what the DirectX vulnerability is and what it does.

What is cause of the vulnerability?
The Microsoft DirectShow component has an issue that doesn’t allow it to properly parse specially crafted QuickTime media files.

What is DirectX?
Microsoft DirectX is a feature of the Windows operating system. It is used for streaming media on Microsoft Windows operating systems to enable graphics and sound when playing games or watching video.

What is DirectShow?
DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. DirectShow is used for high-quality capture and playback of multimedia streams. It automatically detects and uses video and audio acceleration hardware when available, but also supports systems without acceleration hardware. DirectShow is also integrated with other DirectX technologies. Some examples of applications that you can create using DirectShow include DVD players, video editing applications, AVI to ASF converters, MP3 players, and digital video capture applications.

How could an attacker exploit the vulnerability?
This vulnerability requires that a user/victim open a specially crafted QuickTime file or receive specially crafted streaming content from a Web site or any application that delivers Web content.

What might an attacker use the vulnerability to do?
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To find out more about the DirectX vulnerabilities discovered by Palo Alto Networks, please click on the link below.

http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx