PT-2009-2784 · Microsoft · Directshow+1

Piotr Bania

Publicado

2009-04-15

Atualizado

2019-02-26

CVE-2009-0084

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft DirectX versions 8.1 through 9.0

Description The issue is related to a use-after-free vulnerability in DirectShow, which can be exploited by remote attackers to execute arbitrary code. This can be achieved through an MJPEG file or video stream containing a malformed Huffman table. The vulnerability triggers an exception that frees heap memory, which is later accessed, leading to potential code execution.

Recommendations For Microsoft DirectX versions 8.1 through 9.0, update to a newer version that contains a fix for this issue.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-0084

Produtos afetados

Directshow

Directx

PT-2009-2784 · Microsoft · Directshow+1

CVE-2009-0084

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11