Search criteria
39 vulnerabilities found for directx by microsoft
FKIE_CVE-2012-1537
Vulnerability from fkie_nvd - Published: 2012-12-12 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 10.1 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_vista | - | |
| microsoft | directx | 11.0 | |
| microsoft | directx | 11.1 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | directx | 9.0 | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | directx | 10.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_vista | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29B9C375-2634-43A8-950D-FD1AD7ED1584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5494A20A-5927-4249-942C-189292E5F956",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "998918B6-EB7E-4CD3-8190-58BA6692B3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F34067-00A7-4B00-9A82-4B5891F9345C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"DirectPlay Heap Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica en DirectPlay en DirectX v9.0 a v11.1 en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2, R2 SP1 y, Windows 7 Gold y SP1, Windows 8 y Windows Server 2012 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento de Office modificado. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento del monticulo de DirectPlay\"."
}
],
"id": "CVE-2012-1537",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-12T00:55:00.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1880
Vulnerability from fkie_nvd - Published: 2010-06-08 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | - | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Quartz.dll para DirectShow en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1, y Server 2008. Esta vulnerabilidad permite ejecutar, a atacantes remotos, c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia con datos de compresi\u00f3n debidamente modificados. Esta vulnerabilidad tambi\u00e9n es conocida como \"Vulnerabilidad de decompresion de ficheros multimedia MJPEG\"."
}
],
"id": "CVE-2010-1880",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T22:30:01.617",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/65222"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/65222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1879
Vulnerability from fkie_nvd - Published: 2010-06-08 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_media_format_runtime | 9 | |
| microsoft | windows_media_format_runtime | 9.5 | |
| microsoft | windows_media_format_runtime | 9.5 | |
| microsoft | windows_media_format_runtime | 11 | |
| microsoft | windows_media_encoder | 9 | |
| microsoft | windows_media_encoder | 9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD41070-7ED7-41D6-AF81-C038A8DB3C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DBB016-22A2-4B12-A1A4-DEE8ABF14B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:9.5:*:x64:*:*:*:*:*",
"matchCriteriaId": "87AA5126-90FF-40F5-8664-E8260C2C8CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_format_runtime:11:*:*:*:*:*:*:*",
"matchCriteriaId": "61AAD264-CC98-4FB7-BDDD-6920D4AD1B5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x64:*:*:*:*:*",
"matchCriteriaId": "609E859B-88D6-4CC3-8F49-F09884643955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_media_encoder:9:-:x86:*:*:*:*:*",
"matchCriteriaId": "6AEE67A7-C46C-4DAC-BE3A-66DF96617BFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Quartz.dll para DirectShow, Windows Media Format Runtime v9, v9.5 y v11; Media Encoder v9, y el componente COM Asycfilt.dll permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un archivo multimedia con datos de compresi\u00f3n manipulados, tambi\u00e9n conocido como \"Vulnerabilidad de descompresi\u00f3n Multimedia\"."
}
],
"id": "CVE-2010-1879",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-08T22:30:01.583",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1539
Vulnerability from fkie_nvd - Published: 2009-07-15 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 7.0 | |
| microsoft | windows_2000 | - | |
| microsoft | directx | 8.1 | |
| microsoft | windows_2000 | - | |
| microsoft | directx | 9.0 | |
| microsoft | windows_2000 | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""
},
{
"lang": "es",
"value": "EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2, no valida adecuadamente el tama\u00f1o sin especificar de los campos en los archivos \"Quicktime media\", lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de validaci\u00f3n de tama\u00f1o en DirectX\"."
}
],
"id": "CVE-2009-1539",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-15T15:30:01.407",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/55845"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1538
Vulnerability from fkie_nvd - Published: 2009-07-15 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 7.0 | |
| microsoft | windows_2000 | - | |
| microsoft | directx | 8.1 | |
| microsoft | windows_2000 | - | |
| microsoft | directx | 9.0 | |
| microsoft | windows_2000 | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka \"DirectX Pointer Validation Vulnerability.\""
},
{
"lang": "es",
"value": "EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2, realiza actualizaciones a punteros sin validar adecuadamente los valores de datos no especificados, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo \"Quicktime media\" manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de validaci\u00f3n de Puntero en DirectX\"."
}
],
"id": "CVE-2009-1538",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-15T15:30:01.377",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/55844"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35600"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1537
Vulnerability from fkie_nvd - Published: 2009-05-29 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | directx | 7.0 | |
| microsoft | directx | 7.0a | |
| microsoft | directx | 7.1 | |
| microsoft | directx | 8.1 | |
| microsoft | directx | 8.1b | |
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_2000 | * | |
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "459D411C-4994-41DB-9594-F460EADA3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F01F75D-4C20-4DA2-BD3B-4A3BD466F773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBFBDA6-90F5-4A8A-BD47-2DCA5CA8D5AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerailidad sin especificar en el filtro QuickTime Movie Parser en quartz.dll en DirectShow en Microsoft DirectX v7.0 hasta v9.0c en Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia QuickTime manipulado, como se ha explotado libremente en Mayo de 2009."
}
],
"evaluatorImpact": "Per: http://www.microsoft.com/technet/security/advisory/971778.mspx\r\n\r\n\"Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable.\"",
"id": "CVE-2009-1537",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-29T18:30:00.187",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
},
{
"source": "secure@microsoft.com",
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"source": "secure@microsoft.com",
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/54797"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35268"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/35139"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022299"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0084
Vulnerability from fkie_nvd - Published: 2009-04-15 08:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | directx | 8.1 | |
| microsoft | directx | 9.0 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | windows_2000 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*",
"matchCriteriaId": "29EDE745-5A26-42BF-AFDE-7D985BB09D44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*",
"matchCriteriaId": "2D48D876-6A88-4B52-9322-9F019BFA19B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka \"MJPEG Decompression Vulnerability.\""
},
{
"lang": "es",
"value": "DirectShow en Microsoft DirectX v8.1 y v9.0 no descomprime adecuadamente ficheros multimedia, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un (1) fichero MJPEG manipulado o (2) cadena video, tambi\u00e9n conocido como \"Vulnerabilidad de Descompresi\u00f3n MJPEG\"."
}
],
"id": "CVE-2009-0084",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-15T08:00:00.420",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/53632"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/34665"
},
{
"source": "secure@microsoft.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"source": "secure@microsoft.com",
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/34460"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022040"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1444
Vulnerability from fkie_nvd - Published: 2008-06-12 02:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows-nt | xp | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | directx | 9.0 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows_vista | * | |
| microsoft | directx | 10.0 | |
| microsoft | windows_2000 | * | |
| microsoft | directx | 7.0 | |
| microsoft | directx | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:itanium:*:*:*:*:*",
"matchCriteriaId": "59F8A83B-899C-47CE-B444-E8B4AC7723C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*",
"matchCriteriaId": "7AF8B188-A5E0-4D53-9FE1-C72BD956191B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
"matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Synchronized Accessible Media Interchange (SAMI) con par\u00e1metros manipulados para una variable Class Name, tambi\u00e9n conocida como la \"Vulnerabilidad SAMI Format Parsing\""
}
],
"id": "CVE-2008-1444",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-12T02:32:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30579"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0011
Vulnerability from fkie_nvd - Published: 2008-06-12 02:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows-nt | xp | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | directx | 9.0 | |
| microsoft | windows_2000 | * | |
| microsoft | directx | 7.0 | |
| microsoft | directx | 8.1 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows-nt | 2008 | |
| microsoft | windows_vista | * | |
| microsoft | directx | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:itanium:*:*:*:*:*",
"matchCriteriaId": "59F8A83B-899C-47CE-B444-E8B4AC7723C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x32:*:*:*:*:*",
"matchCriteriaId": "7AF8B188-A5E0-4D53-9FE1-C72BD956191B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:2008:*:x64:*:*:*:*:*",
"matchCriteriaId": "2B89E436-C99E-4F68-AADD-E5980B346E95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobaci\u00f3n de errores MJPEG lo cual podr\u00eda permitir a usuarios remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena de datos MJPEG manipulada en un archivo (1) AVI o (2) ASF, tambi\u00e9n conocida como la \"Vulnerabilidad del decodificador MJPEG\""
}
],
"id": "CVE-2008-0011",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-12T02:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30579"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3895
Vulnerability from fkie_nvd - Published: 2007-12-12 00:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | directx | 7.0 | |
| microsoft | directx | 8.1 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | directx | 9.0c | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | directx | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*",
"matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
"matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en Microsoft DirectShow en Microsoft DirectX versiones 7.0 hasta 10.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo dise\u00f1ado (1) WAV o (2) AVI."
}
],
"id": "CVE-2007-3895",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28010"
},
{
"source": "secure@microsoft.com",
"url": "http://www.iss.net/threats/280.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321233"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26804"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1019073"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38722"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/threats/280.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3901
Vulnerability from fkie_nvd - Published: 2007-12-12 00:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | datacenter_edition | |
| microsoft | windows_2003_server | enterprise_edition | |
| microsoft | windows_2003_server | standard | |
| microsoft | windows_2003_server | web_edition | |
| microsoft | windows_vista | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | directx | 5.2 | |
| microsoft | directx | 6.1 | |
| microsoft | directx | 7.0 | |
| microsoft | directx | 7.0a | |
| microsoft | directx | 7.1 | |
| microsoft | directx | 8.0 | |
| microsoft | directx | 8.0a | |
| microsoft | directx | 8.1 | |
| microsoft | directx | 8.1a | |
| microsoft | directx | 8.1b | |
| microsoft | directx | 8.2 | |
| microsoft | directx | 9.0a | |
| microsoft | directx | 9.0b | |
| microsoft | directx | 9.0c | |
| microsoft | directx | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "0095FE21-F45F-4D50-A22B-6AEF5ED4D691",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
"matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "E296F83E-39E1-4DA0-A410-DDD17BDB3939",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional:*:*:*:*:*",
"matchCriteriaId": "CC5A2998-AFD9-4AD3-BC47-E653345323AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:directx:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "194DA1C4-F08C-4219-87DC-BC6B389372EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A0B238-DEC5-4DFC-AB8D-2F78E03B0589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "459D411C-4994-41DB-9594-F460EADA3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F01F75D-4C20-4DA2-BD3B-4A3BD466F773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1C38DA-F7C2-4291-8384-E822BAE7F25D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "CB69C888-AAE7-4472-B2D3-76CEFFF48D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C6E3F-58B3-4871-AC3A-DC54F9031C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBFBDA6-90F5-4A8A-BD47-2DCA5CA8D5AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A84968C5-EFBE-4BC6-8A3B-0110A65EC97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:directx:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53A6AC-74B0-4DB3-B94D-06FB969AE83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el analizador de intercambio de medios accesibles (SAMI) de DirectShow sincronizado en Quartz. dll para Microsoft DirectX versi\u00f3n 7.0 a la versi\u00f3n 10.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SAMI elaborado."
}
],
"id": "CVE-2007-3901",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-12T00:46:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28010"
},
{
"source": "secure@microsoft.com",
"url": "http://www.iss.net/threats/280.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/804089"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/26789"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1019073"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38721"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4520"
},
{
"source": "secure@microsoft.com",
"url": "https://www.exploit-db.com/exploits/4866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/threats/280.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/804089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4866"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-1537 (GCVE-0-2012-1537)
Vulnerability from cvelistv5 – Published: 2012-12-12 00:00 – Updated: 2024-08-06 19:01
VLAI?
Summary
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"DirectPlay Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"DirectPlay Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1537",
"datePublished": "2012-12-12T00:00:00",
"dateReserved": "2012-03-08T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1879 (GCVE-0-2010-1879)
Vulnerability from cvelistv5 – Published: 2010-06-08 22:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7517",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1879",
"datePublished": "2010-06-08T22:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1880 (GCVE-0-2010-1880)
Vulnerability from cvelistv5 – Published: 2010-06-08 22:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6641",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"refsource": "OSVDB",
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1880",
"datePublished": "2010-06-08T22:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1539 (GCVE-0-2009-1539)
Vulnerability from cvelistv5 – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"refsource": "OSVDB",
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1539",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1538 (GCVE-0-2009-1538)
Vulnerability from cvelistv5 – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka \"DirectX Pointer Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka \"DirectX Pointer Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"refsource": "OSVDB",
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1538",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1537 (GCVE-0-2009-1537)
Vulnerability from cvelistv5 – Published: 2009-05-29 18:00 – Updated: 2024-08-07 05:13
VLAI?
Summary
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"refsource": "OSVDB",
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "http://isc.sans.org/diary.html?storyid=6481",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/971778.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"name": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1537",
"datePublished": "2009-05-29T18:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0084 (GCVE-0-2009-0084)
Vulnerability from cvelistv5 – Published: 2009-04-15 03:49 – Updated: 2024-08-07 04:24
VLAI?
Summary
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka \"MJPEG Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka \"MJPEG Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"refsource": "OSVDB",
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"name": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt",
"refsource": "MISC",
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0084",
"datePublished": "2009-04-15T03:49:00",
"dateReserved": "2009-01-08T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1444 (GCVE-0-2008-1444)
Vulnerability from cvelistv5 – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1444",
"datePublished": "2008-06-12T01:30:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0011 (GCVE-0-2008-0011)
Vulnerability from cvelistv5 – Published: 2008-06-12 01:30 – Updated: 2024-08-07 07:32
VLAI?
Summary
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0011",
"datePublished": "2008-06-12T01:30:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3895 (GCVE-0-2007-3895)
Vulnerability from cvelistv5 – Published: 2007-12-12 00:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:04.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071211 Multiple Microsoft DirectShow Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/280.html"
},
{
"name": "MS07-064",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"name": "ms-directshow-wav-code-execution(38722)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38722"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "1019073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019073"
},
{
"name": "26804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26804"
},
{
"name": "28010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28010"
},
{
"name": "oval:org.mitre.oval:def:4287",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "VU#321233",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321233"
},
{
"name": "ADV-2007-4180",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20071211 Multiple Microsoft DirectShow Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/280.html"
},
{
"name": "MS07-064",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"name": "ms-directshow-wav-code-execution(38722)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38722"
},
{
"name": "SSRT071506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "1019073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019073"
},
{
"name": "26804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26804"
},
{
"name": "28010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28010"
},
{
"name": "oval:org.mitre.oval:def:4287",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287"
},
{
"name": "HPSBST02299",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "VU#321233",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321233"
},
{
"name": "ADV-2007-4180",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071211 Multiple Microsoft DirectShow Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/280.html"
},
{
"name": "MS07-064",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064"
},
{
"name": "ms-directshow-wav-code-execution(38722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38722"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "1019073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019073"
},
{
"name": "26804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26804"
},
{
"name": "28010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28010"
},
{
"name": "oval:org.mitre.oval:def:4287",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4287"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "VU#321233",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321233"
},
{
"name": "ADV-2007-4180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-3895",
"datePublished": "2007-12-12T00:00:00",
"dateReserved": "2007-07-19T00:00:00",
"dateUpdated": "2024-08-07T14:37:04.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1537 (GCVE-0-2012-1537)
Vulnerability from nvd – Published: 2012-12-12 00:00 – Updated: 2024-08-06 19:01
VLAI?
Summary
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"DirectPlay Heap Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA12-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"DirectPlay Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-082",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082"
},
{
"name": "oval:org.mitre.oval:def:16086",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1537",
"datePublished": "2012-12-12T00:00:00",
"dateReserved": "2012-03-08T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1879 (GCVE-0-2010-1879)
Vulnerability from nvd – Published: 2010-06-08 22:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:7517",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7517",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"
},
{
"name": "MS10-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1879",
"datePublished": "2010-06-08T22:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1880 (GCVE-0-2010-1880)
Vulnerability from nvd – Published: 2010-06-08 22:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6641",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"
},
{
"name": "65222",
"refsource": "OSVDB",
"url": "http://osvdb.org/65222"
},
{
"name": "MS10-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-1880",
"datePublished": "2010-06-08T22:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1539 (GCVE-0-2009-1539)
Vulnerability from nvd – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "55845",
"refsource": "OSVDB",
"url": "http://osvdb.org/55845"
},
{
"name": "oval:org.mitre.oval:def:6341",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1539",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1538 (GCVE-0-2009-1538)
Vulnerability from nvd – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka \"DirectX Pointer Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka \"DirectX Pointer Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "oval:org.mitre.oval:def:5963",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963"
},
{
"name": "55844",
"refsource": "OSVDB",
"url": "http://osvdb.org/55844"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "35600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35600"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1538",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1537 (GCVE-0-2009-1537)
Vulnerability from nvd – Published: 2009-05-29 18:00 – Updated: 2024-08-07 05:13
VLAI?
Summary
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS09-028",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka \"DirectX NULL Byte Overwrite Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/srd/archive/2009/05/28/new-vulnerability-in-quicktime-parsing.aspx"
},
{
"name": "oval:org.mitre.oval:def:6237",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237"
},
{
"name": "35268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35268"
},
{
"name": "1022299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022299"
},
{
"name": "ADV-2009-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1886"
},
{
"name": "ADV-2009-1445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1445"
},
{
"name": "54797",
"refsource": "OSVDB",
"url": "http://osvdb.org/54797"
},
{
"name": "35139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35139"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "http://isc.sans.org/diary.html?storyid=6481",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=6481"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/971778.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/971778.mspx"
},
{
"name": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1537",
"datePublished": "2009-05-29T18:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0084 (GCVE-0-2009-0084)
Vulnerability from nvd – Published: 2009-04-15 03:49 – Updated: 2024-08-07 04:24
VLAI?
Summary
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka \"MJPEG Decompression Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-104A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka \"MJPEG Decompression Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "53632",
"refsource": "OSVDB",
"url": "http://osvdb.org/53632"
},
{
"name": "34665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34665"
},
{
"name": "1022040",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022040"
},
{
"name": "ADV-2009-1025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1025"
},
{
"name": "oval:org.mitre.oval:def:5618",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5618"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm"
},
{
"name": "34460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34460"
},
{
"name": "MS09-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-011"
},
{
"name": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt",
"refsource": "MISC",
"url": "http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-0084",
"datePublished": "2009-04-15T03:49:00",
"dateReserved": "2009-01-08T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1444 (GCVE-0-2008-1444)
Vulnerability from nvd – Published: 2008-06-12 01:30 – Updated: 2024-08-07 08:24
VLAI?
Summary
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "3937",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3937"
},
{
"name": "1020223",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020223"
},
{
"name": "MS08-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "29578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29578"
},
{
"name": "oval:org.mitre.oval:def:5562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
},
{
"name": "TA08-162B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1444",
"datePublished": "2008-06-12T01:30:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0011 (GCVE-0-2008-0011)
Vulnerability from nvd – Published: 2008-06-12 01:30 – Updated: 2024-08-07 07:32
VLAI?
Summary
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the \"MJPEG Decoder Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1780"
},
{
"name": "oval:org.mitre.oval:def:5236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236"
},
{
"name": "1020222",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020222"
},
{
"name": "MS08-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
},
{
"name": "TA08-162B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "HPSBST02344",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
},
{
"name": "29581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29581"
},
{
"name": "30579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30579"
},
{
"name": "SSRT080087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0011",
"datePublished": "2008-06-12T01:30:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}