| VID |
28050 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix(Q819696) for the 'multiple buffer overflows in DirectX' has not been applied.
Microsoft provides a component called QUARTZ.DLL that allows Windows applications to play MIDI music through a common interface. Windows Media Player and Internet Explorer, for example, both use QUARTZ.DLL to play MIDI music files (.mid extension); in the case of Internet Explorer, MIDI files can be played automatically when a web page is visited through the use of a specific HTML tag.
eEye Digital Security has discovered a pair of flaws in all versions of QUARTZ.DLL that would allow a specially-crafted MIDI file to cause the execution of arbitrary code when played. In the worst case, an attacker could construct a malicious .mid file and have it play automatically whenever a victim attempts to view certain HTML, such as an attacker-controlled website, resulting in the compromise of the victim's machine.
* Notes: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms03-030.asp
http://www.securityfocus.com/archive/1/330181
http://marc.theaimsgroup.com/?l=bugtraq&m=105899759824008&w=2
* Platforms Affected:
Microsoft DirectX¢ç 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.0a on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.1 on Windows XP
Microsoft DirectX 8.1 on Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows Millennium Edition
Microsoft DirectX 9.0a when installed on Windows 2000
Microsoft DirectX 9.0a when installed on Windows XP
Microsoft DirectX 9.0a when installed on Windows Server 2003
Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed. |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-030 at http://www.microsoft.com/technet/security/bulletin/ms03-030.asp
-- OR --
For All Windows Versions except Windows NT 4.0,
Upgrade to the DirectX 9.0b that contains the security fix from the following location:
http://microsoft.com/downloads/details.aspx?FamilyId=141D5F9E-07C1-462A-BAEF-5EAB5C851CF5&displaylang=en
For DirectX earlier than DirectX 9.0a on Windows 98, 98 SE and ME, upgprade to DirectX 9.0b.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch.
You can verify whether the patch has been installed on the machine as the follow:
1. Click <Start> menu, and then click <Run>.
2. In the Run dialog box, type "dxdiag".
3. Select the <System> tab of the dialog box, and then verify the "DirectX version".
4. If "Direct version" is "DirectX 9.0b (4.09.0000.0902)", the patch has been installed. |
| Related URL |
CVE-2003-0346 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
