www.my10sen.com

Peter Winter-Smith of NGSSoftware last week reported a serious flaw in the microsoft directX technology. DirectX is a feature of the Microsoft Windows operating system used for streaming multimedia content. DirectX integrates DirectShow technology to provide high-quality capture of streaming media such as video and audio. A stack-based buffer overflow exists due to DirectShow’s improper parsing of WAV and AVI files. By successfully persuading a user to access a specially crafted WAV or AVI file, a remote, unauthenticated attacker could trigger the buffer overflow.

A remote unauthenticated attacker could execute arbitrary code on a vulnerable system, An attacker could then install programs view, change, or delete data or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Source : Microsoft