Check Point Advisories

Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)

Check Point Reference: CPAI-2007-140
Date Published: 18 Dec 2007
Severity: Critical
Last Updated: Monday 01 January, 2007
Source: Microsoft Security Bulletin MS07-064
Industry Reference: CVE-2007-3895
Protection Provided by:
Who is Vulnerable?
Microsoft DirectX 7.0
Microsoft DirectX 8.1
Microsoft DirectX 9.0c
Microsoft DirectX 10
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Vulnerability Description: A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that provide accelerated video and audio on the Microsoft Windows operating system. DirectX can parse various file formats, including AVI files. A remote attacker can exploit this vulnerability via a specially crafted AVI file. Successful exploitation of the vulnerability allows execution of arbitrary code on a vulnerable system.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS07-064
Vulnerability Details: The vulnerability is due to errors in Microsoft DirectX, which fails to properly handle malformed AVI files. A remote attacker could trigger this flaw via a specially crafted AVI file. Successful exploitation allows execution of arbitrary code once a malformed AVI file is loaded on a vulnerable system.

Protection Overview
