Intrusion Prevention

MS.Windows.Directshow.WAV.And.AVI.File.Parse.Buffer.Overflow

Description

This indicates a possible attempt to exploit a vulnerability in Microsoft Windows DirectX.
The vulnerability is caused by a buffer overflow that occurs when DirectX handles malformed WAV format files. It allows remote attackers to execute arbitrary code by tricking a user into opening a malicious wav file.

Affected Products

DirectX 8.0 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
DirectShow on Windows 2000 Service Pack 4
DirectShow on Windows XP Service Pack 2
DirectShow on Windows XP Professional x64 Edition
DirectShow on Windows XP Professional x64 Edition Service Pack 2
DirectShow on Windows Server 2003 Service Pack 1
DirectShow on Windows Server 2003 Service Pack 2
DirectShow on Windows Server 2003 with SP1 for Itanium-based Systems
DirectShow on Windows Server 2003 with SP2 for Itanium-based Systems
DirectShow on Windows Server 2003 x64 Edition
DirectShow on Windows Server 2003 x64 Edition Service Pack 2
DirectShow on Windows Vista
DirectShow on Windows Vista x64 Edition

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workground.
http://www.microsoft.com/technet/security/Bulletin/ms07-064.mspx

CVE References

CVE-2007-3895