Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, BlackICE Server Protection, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:
This signature detects a malformed ASF media file that causes a heap-based buffer overflow in vulnerable software on systems that have not applied the updates in Microsoft Security Bulletin MS07-068.
High
Proventia Desktop: 2080, Proventia Network IPS: XPU 27.070, RealSecure Network: XPU 27.070, RealSecure Server Sensor: XPU 27.070, BlackICE PC Protection: 3.6cqn, BlackICE Server Protection: 3.6.cqn, IBM Security Server Protection for Windows: 1.0.914.2080, Proventia Network MFS: XPU 27.070, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 27.070, Proventia Network IDS: XPU 27.070, Proventia Server IPS for Linux technology: 27.070, Virtual Server Protection for VMware: 1.0
Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows XP: x64 Professional, Microsoft Windows Media Format Runtime: 9.5 x64, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Media Format Runtime: 7.1, Microsoft Windows Media Format Runtime: 9, Microsoft Windows Media Format Runtime: 9.5, Microsoft Windows Media Format Runtime: 11, Microsoft Windows Media Services: 9.1
Unauthorized Access Attempt
Microsoft Windows Media File Format is vulnerable to multiple heap-based buffer overflows, caused by improper validation of Advanced Systems Format (ASF) files. By persuading a victim to open a specially-crafted ASF file, a remote attacker could overflow a buffer and execute arbitrary code on the system. An attacker could exploit these vulnerabilities by sending the malicious file as an email attachment or hosting it on a Web site.
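As an added illustration of the kind of length validation the description refers to (not IBM's signature logic and not Microsoft's code), the following Python sketch checks that the length fields in an ASF Stream Properties Object, the object named in the X-Force references, stay inside the object that declares them. The function names are hypothetical, the field layout is taken from the public ASF specification, and the sample input is constructed; it is a generic consistency check and does not claim to reproduce the exact flaws.

```python
import struct
import uuid

# On-disk GUIDs from the ASF specification (first three fields little-endian).
HEADER_GUID = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
STREAM_PROPS_GUID = uuid.UUID("B7DC0791-A9B7-11CF-8EE6-00C00C205365").bytes_le
OBJ_HDR = 24        # GUID (16) + object size (8)
STREAM_FIXED = 78   # object header + fixed Stream Properties fields


def check_asf_header(data: bytes) -> list[str]:
    """Return findings for inconsistent length fields in the ASF header."""
    if len(data) < 30 or data[:16] != HEADER_GUID:
        return ["not an ASF header object"]
    hdr_size, count = struct.unpack_from("<QI", data, 16)
    if hdr_size < 30 or hdr_size > len(data):
        return [f"header object size {hdr_size} outside file ({len(data)} bytes)"]
    findings, off = [], 30
    for i in range(count):
        if off + OBJ_HDR > hdr_size:
            findings.append(f"object {i}: header truncated at offset {off}")
            break
        guid = data[off:off + 16]
        (size,) = struct.unpack_from("<Q", data, off + 16)
        if size < OBJ_HDR or off + size > hdr_size:
            findings.append(f"object {i}: size {size} overruns header object")
            break
        if guid == STREAM_PROPS_GUID:
            if size < STREAM_FIXED:
                findings.append(f"object {i}: stream properties too short ({size})")
            else:
                # Both lengths are attacker-controlled 32-bit fields at offset 64.
                type_len, ec_len = struct.unpack_from("<II", data, off + 64)
                if STREAM_FIXED + type_len + ec_len > size:
                    findings.append(
                        f"object {i}: type-specific ({type_len}) + error-correction "
                        f"({ec_len}) data exceed object size {size}")
        off += size
    return findings


def build_sample(type_len: int, ec_len: int, payload: bytes) -> bytes:
    """Constructed test input: a header holding one Stream Properties Object."""
    body = bytes(40) + struct.pack("<IIHI", type_len, ec_len, 1, 0) + payload
    obj = STREAM_PROPS_GUID + struct.pack("<Q", OBJ_HDR + len(body)) + body
    return HEADER_GUID + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

A parser that copies `type_len` or `ec_len` bytes without a check like this trusts the file to describe its own buffer sizes, which is the improper validation the description attributes to the affected software.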
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Degradable JPEG Media Stream buffer overflow
http://xforce.iss.net/xforce/xfdb/38827
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format audio_conceal_none buffer overflow
http://xforce.iss.net/xforce/xfdb/38828
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction and type-specific buffer overflow
http://xforce.iss.net/xforce/xfdb/38829
IBM Internet Security Systems X-Force Database
Microsoft Windows Media File Format Stream Property error correction buffer overflow
http://xforce.iss.net/xforce/xfdb/38830
IBM Internet Security Systems Protection Advisory Dec. 11, 2007
Multiple (4) Microsoft Windows Media Player .ASF Remote Code Execution Vulnerabilities
http://www.iss.net/threats/279.html
Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
ISS X-Force
Microsoft Windows Media File Format ASF multiple buffer overflows
http://www.iss.net/security_center/static/33225.php
CVE
CVE-2007-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0064