55651 : Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest DirectX Object Interface Overflow
Printer | http://osvdb.org/55651 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
14	5237	over 2 years ago	12 months ago	40 times	90%

Timeline

Disclosure Date
2009-07-06

Keywords

clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF

Description

A buffer overflow exists in Windows. The DirectShow ActiveX control fails to validate data passed to the IMPEG2TuneRequest interface resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure, Discovered in the Wild
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the DirectShow ActiveX Control (CLSID 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF). See Microsoft KB article 240797 for more details.

Products

Microsoft Corporation	Windows	XP SP2
		2003 Server SP2
		2003 Server x64 SP2
		2003 Server for Itanium SP2
		XP SP3
		XP x64 SP2

References

CVE ID: 2008-0015 (see also: NVD)
Bugtraq ID: 35558
Secunia Advisory ID: 35683 36187
SCIP VulDB ID: 4001
Metasploit ID: 55651
Milw0rm: 9108
Exploit Database: 9108
Microsoft Knowledge Base Article: 972890 973346 973354 973507 973540 973544 973815 973869 973908
Other Advisory URL: http://blog.duba.net/read.php/225.htm
http://blog.duba.net/read.php/226.htm
http://blogs.technet.com/srd/archive/2009/07/06/new-vulnerability-in-mpeg2tunerequest-activex-control-object-in-msvidctl-dll.aspx
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
http://isc.sans.org/diary.html?storyid=6733&rss
http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799
http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/
http://www.symantec.com/connect/blogs/let-celebration-come-end
Generic Exploit URL: http://immunitysec.com
News Article: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1361009,00.html
http://voices.washingtonpost.com/securityfix/2009/07/msft_scrambling_to_close_stubb.html?wprss=securityfix
http://www.scmagazineus.com/Microsoft-reveals-additional-details-on-ActiveX-flaw/article/139883/
http://www.scmagazineus.com/Microsoft-warns-of-Video-ActiveX-control-flaw/article/139588/
Mail List Post: http://seclists.org/bugtraq/2009/Nov/192
Microsoft Security Bulletin: MS09-032 MS09-037
US-CERT Cyber Security Alert: TA09-187A

Tools & Filters

Snort

15588 15589 15590 15591 15592 15593 15594 15595 15596 15597 15598 15599 15600 15601 15602 15603 15604 15605 15606 15607 15608 15609 15610 15611 15612 15613 15614 15615 15616 15617 15618 15619 15620 15621 15622 15623 15624 15625 15626 15627 15628 15629 15630 15631 15632 15633 15634 15635 15636 15637 15640 15641 15642 15643 15644 15645 15646 15647 15648 15649 15650 15651 15652 15653 15654 15655 15656 15657 15658 15659 15660 15661 15662 15663 15664 15665 15666 15667 15668 15669 15670 ... and 12 more

39622 40556

Credit

Ryan Smith - whatstheaddressgmail.com - Hustle Labs

CVSSv2 Score

CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2009-07-08 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.