CVE-2010-0250

Name of the Vulnerable Software and Affected Versions Microsoft DirectX versions prior to the fixed version Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista Gold, SP1, and SP2 Microsoft Windows Server 2008 Gold, SP2, and R2 Microsoft Windows 7

Description A heap-based buffer overflow issue exists in DirectShow, as used in the AVI Filter on various Windows versions, and in Quartz. This issue allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor.

Recommendations For Microsoft Windows 2000 SP4, update to a newer version to mitigate the risk. For Microsoft Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Vista Gold, SP1, and SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 Gold, SP2, and R2, update to a newer version to mitigate the risk. For Microsoft Windows 7, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the RLE video decompressor until a patch is available.