Microsoft DirectX RLE Compressed Targa Image Processing Buffer Overflow

Posted on Thursday, July 19, 2007 @ 19:21:38 UTC in Security
by raven

SECUNIA ADVISORY ID: SA26131

VERIFY ADVISORY: http://secunia.com/advisories/26131/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
Microsoft DirectX 9.x - http://secunia.com/product/1915/
Microsoft DirectX SDK - http://secunia.com/product/14831/
Microsoft DirectX 8.x - http://secunia.com/product/1914/
Microsoft DirectX 7.x - http://secunia.com/product/1913/

DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.

SOLUTION: Update to the October 2006 SDK and End-User Runtime release or later.

PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode

ORIGINAL ADVISORY:
Reverse Mode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=52
iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,642,462
  • Today: 9,764
Server InfoServer Info
  • Mar 29, 2024
  • 06:55 am UTC