Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft SAMI Format Parsing Remote Code Execution Vulnerability
Date Discovered: 06/10/2008
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Applications Affected: DirectX 7.0
DirectX 8.1
DirectX 9.0
DirectX 10.0
Synopsis
A remote code execution vulnerability exists in the way DirectX handles supported SAMI format files. This vulnerability could allow remote code execution if a user opened a specially crafted file.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
Threat Analysis
Microsoft Synchronized Accessible Media Interchange (SAMI) is a media format that allows a content developer to include captions with digital media files. SAMI was designed and developed to caption the digital media widely available in PC systems. SAMI captions coexist with digital media as separate, simple text files.

DirectX does not perform sufficient parsing of the parameters of Synchronized Accessible Media Interchange (SAMI) file types. To exploit this vulnerability, an attacker would have to convince a user to open a specially crafted SAMI file. Since the vulnerability is in the streaming component of Microsoft Windows, attacks can be launched from a specially crafted Web site or any application that delivers Web content.

An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs, view, change, delete data or create new accounts with full user rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1444

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map