Intrusion Prevention

MS.Windows.DirectX.SAMI.File.Parse.Buffer.Overflow

Description

This indicates an attempt to exploit a vulnerability in DirectShow in Mircrosoft Windows.
This vulnerability is caused by an input validation error in DirectShow that occurs when handling malformed Synchronized Accessible Media Interchange (SAMI) files. It allows remote attackers to execute arbitrary code via a crafted SAMI file.

Affected Products

DirectX 8.0 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0 on Microsoft Windows 2000 Service Pack 4
DirectShow on Windows 2000 Service Pack 4
DirectShow on Windows XP Service Pack 2
DirectShow on Windows XP Professional x64 Edition
DirectShow on Windows XP Professional x64 Edition Service Pack 2
DirectShow on Windows Server 2003 Service Pack 1
DirectShow on Windows Server 2003 Service Pack 2
DirectShow on Windows Server 2003 with SP1 for Itanium-based Systems
DirectShow on Windows Server 2003 with SP2 for Itanium-based Systems
DirectShow on Windows Server 2003 x64 Edition
DirectShow on Windows Server 2003 x64 Edition Service Pack 2
DirectShow on Windows Vista
DirectShow on Windows Vista x64 Edition

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx

CVE References

CVE-2007-3901