HighProventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This event detects an AVI MJPEG video with invalid data that is not handled appropriately by DirectShow. A remote attacker could provide a specially crafted file to exploit this vulnerability and execute code provided by the attacker on the victim's computer.
High
Proventia Desktop: 2380, Proventia Network IPS: XPU 29.040, RealSecure Network: XPU 29.040, RealSecure Server Sensor: XPU 29.040, Proventia Network MFS: XPU 29.040, Proventia-G 1.1 and earlier: XPU 29.040, Proventia Network IDS: XPU 29.040, IBM Security Server Protection for Windows: 1.0.914.2380, IBM Security Server Protection for Windows: 2.0.300.2380, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 29.040, Virtual Server Protection for Vmware: 1.0
Microsoft DirectX: 8.1, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft DirectX: 9.0, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows XP: SP3
Unauthorized Access Attempt
Microsoft DirectShow, which is part of Microsoft DirectX, could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of specially-crafted compressed files. By persuading a victim to open a specially-crafted MJPEG file, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx
Microsoft Security Bulletin MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
http://www.microsoft.com/technet/security/bulletin/ms09-028.mspx
Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
http://www.microsoft.com/technet/security/bulletin/ms10-013.mspx
Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961
http://www.microsoft.com/technet/security/bulletin/ms10-094.mspx
Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
http://www.microsoft.com/technet/security/bulletin/ms12-004.mspx
ISS X-Force
Microsoft DirectShow MJPEG code execution
http://www.iss.net/security_center/static/49559.php
CVE
CVE-2009-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0084