This Metasploit module exploits a stack overflow in the DirectShow Synchronized Accessible Media Interchanged (SAMI) parser in quartz.dll. This Metasploit module has only been tested with Windows Media Player (6.4.09.1129) and DirectX 8.0.
20138beebb9160875d7fc9948352ad7b8bb08395bcbaff2c18e18c66b4ff8a77iDefense Security Advisory 12.11.07 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s DirectShow could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code. iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x are vulnerable. Microsoft DirectX 9.0c or newer is not vulnerable.
13a7ee86d40260d7b3d9c10a605bff89d2993050d850639780f669cac844978c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed