CVE-2012-1537
https://notcve.org/view.php?id=CVE-2012-1537
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability." Un desbordamiento de búfer basado en memoria dinámica en DirectPlay en DirectX v9.0 a v11.1 en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2, R2 SP1 y, Windows 7 Gold y SP1, Windows 8 y Windows Server 2012 permite a atacantes remotos ejecutar código de su elección a través de un documento de Office modificado. Se trata de un problema también conocido como "Vulnerabilidad de desbordamiento del monticulo de DirectPlay". • http://www.us-cert.gov/cas/techalerts/TA12-346A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0011
https://notcve.org/view.php?id=CVE-2008-0011
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." Microsoft DirectX 8.1 a 9.0c, y DirectX en Microsoft XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, y Server 2008 no realiza adecuadamente la comprobación de errores MJPEG lo cual podría permitir a usuarios remotos ejecutar código de su elección a través de una cadena de datos MJPEG manipulada en un archivo (1) AVI o (2) ASF, también conocida como la "Vulnerabilidad del decodificador MJPEG" • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securitytracker.com/id?1020222 http://www.securityfocus.com/bid/29581 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5236 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1444 – Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1444
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." Desbordamiento de búfer basado en pila en Microsoft DirectX 7.0 y 8.1 o en Windows 2000 SP4 permite a atacantes remotos ejecutar código de su elección a través de un archivo Synchronized Accessible Media Interchange (SAMI) con parámetros manipulados para una variable Class Name, también conocida como la "Vulnerabilidad SAMI Format Parsing" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user. • http://marc.info/?l=bugtraq&m=121380194923597&w=2 http://secunia.com/advisories/30579 http://securityreason.com/securityalert/3937 http://securitytracker.com/id?1020223 http://www.securityfocus.com/archive/1/493250/100/0/threaded http://www.securityfocus.com/bid/29578 http://www.us-cert.gov/cas/techalerts/TA08-162B.html http://www.vupen.com/english/advisories/2008/1780 http://www.zerodayinitiative.com/advisories/ZDI-08-040 https://docs.microsoft.com/en-us/security-updates • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3901 – Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064)
https://notcve.org/view.php?id=CVE-2007-3901
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. El desbordamiento de búfer en la región stack de la memoria en el analizador de intercambio de medios accesibles (SAMI) de DirectShow sincronizado en Quartz. dll para Microsoft DirectX versión 7.0 a la versión 10.0, permite a los atacantes remotos ejecutar código arbitrario a través de un archivo SAMI elaborado. • https://www.exploit-db.com/exploits/16442 https://www.exploit-db.com/exploits/4866 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632 http://secunia.com/advisories/28010 http://www.iss.net/threats/280.html http://www.kb.cert.org/vuls/id/804089 http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26789 http://www.securitytracker.com/id?1019073 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3895
https://notcve.org/view.php?id=CVE-2007-3895
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. Un desbordamiento de búfer en Microsoft DirectShow en Microsoft DirectX versiones 7.0 hasta 10.0, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo diseñado (1) WAV o (2) AVI. • http://secunia.com/advisories/28010 http://www.iss.net/threats/280.html http://www.kb.cert.org/vuls/id/321233 http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26804 http://www.securitytracker.com/id?1019073 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4180 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-064 https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •