Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow

Posted on Thursday, July 19, 2007 @ 19:21:38 PDT in Security
by raven

SECUNIA ADVISORY ID: SA26131

VERIFY ADVISORY: http://secunia.com/advisories/26131/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE:
Microsoft DirectX 9.x - http://secunia.com/product/1915/
Microsoft DirectX SDK - http://secunia.com/product/14831/
Microsoft DirectX 8.x - http://secunia.com/product/1914/
Microsoft DirectX 7.x - http://secunia.com/product/1913/

DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an input validation error when processing RLE-compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.

SOLUTION: Update to the October 2006 SDK and End-User Runtime release or later.

PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode

ORIGINAL ADVISORY:
Reverse Mode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=52
iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562
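
The advisory does not say which field goes unvalidated, so the following is an added illustration (not code from Microsoft, Secunia or the researcher) of the validation a Targa RLE decoder needs: every packet's pixel count is checked against the space left in the heap buffer and against the bytes left in the file. The function names and sample bytes are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, hypothetical names. Decode TGA RLE packets into dst, which
 * holds dst_pixels pixels of bpp bytes. Returns 0 on success, -1 on bad input. */
int tga_rle_decode(const uint8_t *src, size_t src_len,
                   uint8_t *dst, size_t dst_pixels, size_t bpp)
{
    size_t in = 0, out = 0;                 /* out = pixels written so far */
    if (bpp < 1 || bpp > 4) return -1;
    while (out < dst_pixels) {
        if (in >= src_len) return -1;       /* no packet header left */
        uint8_t hdr = src[in++];
        size_t count = (size_t)(hdr & 0x7F) + 1;  /* 1..128 pixels */
        /* A packet must not run past the end of the pixel buffer. */
        if (count > dst_pixels - out) return -1;
        if (hdr & 0x80) {                   /* run-length packet: 1 pixel repeated */
            if (src_len - in < bpp) return -1;
            for (size_t i = 0; i < count; i++)
                memcpy(dst + (out + i) * bpp, src + in, bpp);
            in += bpp;
        } else {                            /* raw packet: count literal pixels */
            size_t n = count * bpp;
            if (src_len - in < n) return -1;
            memcpy(dst + out * bpp, src + in, n);
            in += n;
        }
        out += count;
    }
    return 0;
}

/* Constructed samples: a 2x2 image at 1 byte per pixel (4 pixels total). */
uint8_t demo_out[4];

int demo_valid(void)
{
    /* run of 3 x 0xAA, then a raw packet with one pixel 0x55 */
    static const uint8_t good[] = { 0x82, 0xAA, 0x00, 0x55 };
    return tga_rle_decode(good, sizeof good, demo_out, 4, 1);
}

int demo_overlong_run(void)
{
    /* a single run packet claiming 128 pixels for a 4-pixel image */
    static const uint8_t bad[] = { 0xFF, 0xAA };
    return tga_rle_decode(bad, sizeof bad, demo_out, 4, 1);
}
```

The caller is assumed to have computed `dst_pixels` from the header's 16-bit width and height with an overflow-checked multiplication before allocating `dst`.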
 
 