Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow

Posted on Thursday, July 19, 2007 @ 19:21:38 PDT in Security
by raven



CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

Microsoft DirectX 9.x -
Microsoft DirectX SDK -
Microsoft DirectX 8.x -
Microsoft DirectX 7.x -

DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.

SOLUTION: Update to the October 2006 SDK and End-User Runtime release or later.

PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode

Reverse Mode:
iDefense Labs:
click Related        click Share
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,930,845
  • Today: 62,653
Server InfoServer Info
  • Oct 22, 2018
  • 05:51 pm PDT

Daily Inspiration