Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow

Posted on Thursday, July 19, 2007 @ 20:21:38 PDT in Security
by raven



CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

Microsoft DirectX 9.x -
Microsoft DirectX SDK -
Microsoft DirectX 8.x -
Microsoft DirectX 7.x -

DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.

SOLUTION: Update to the October 2006 SDK and End-User Runtime release or later.

PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode

Reverse Mode:
iDefense Labs:
click Related        click Share
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,396,747
  • Today: 336
Server InfoServer Info
  • Jan 23, 2018
  • 12:09 am PST

Daily Inspiration