CVE-2007-3901 – Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064)
https://notcve.org/view.php?id=CVE-2007-3901
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. El desbordamiento de búfer en la región stack de la memoria en el analizador de intercambio de medios accesibles (SAMI) de DirectShow sincronizado en Quartz. dll para Microsoft DirectX versión 7.0 a la versión 10.0, permite a los atacantes remotos ejecutar código arbitrario a través de un archivo SAMI elaborado. • https://www.exploit-db.com/exploits/16442 https://www.exploit-db.com/exploits/4866 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632 http://secunia.com/advisories/28010 http://www.iss.net/threats/280.html http://www.kb.cert.org/vuls/id/804089 http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26789 http://www.securitytracker.com/id?1019073 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4336 – Microsoft DXMedia SDK 6 - 'SourceUrl' ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-4336
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. Desbordamiento de búfer en el control ActiveX Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) de DXTLIPI.DLL 6.0.2.827, como el empaquetado en Microsoft DirectX Media 6.0 SDK, permite a atacantes remotos ejecutar código de su elección mediante valor de la propiedad SourceUrl largo. • https://www.exploit-db.com/exploits/4279 http://osvdb.org/36399 http://secunia.com/advisories/26426 http://www.kb.cert.org/vuls/id/466601 http://www.securityfocus.com/bid/25279 http://www.securitytracker.com/id?1018551 http://www.vupen.com/english/advisories/2007/2857 https://exchange.xforce.ibmcloud.com/vulnerabilities/35970 •
CVE-2006-4183
https://notcve.org/view.php?id=CVE-2006-4183
Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding. Un desbordamiento de búfer en la región heap de la memoria en Microsoft DirectX SDK (Febrero de 2006) y probablemente anteriores, incluido el End User Runtimes versión 9.0c, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de un archivo Targa creado con una compresión de Codificación de Longitud de Ejecución (RLE) que produce más datos de los esperados al decodificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562 http://secunia.com/advisories/26131 http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=52 http://www.securityfocus.com/archive/1/474058/100/0/threaded http://www.securityfocus.com/bid/24963 http://www.securitytracker.com/id?1018420 http://www.vupen.com/english/advisories/2007/2577 https://exchange.xforce.ibmcloud.com/vulnerabilities/35492 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-0202
https://notcve.org/view.php?id=CVE-2004-0202
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. El interfaz de programación de aplicación (API) IDirectPlay de Microsoft DirectPlay 7.0a a 9.0b, usado en Windows Server 2003 y anteriores, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un paquete malformado. • http://secunia.com/advisories/11802 http://www.osvdb.org/6742 http://www.securityfocus.com/bid/10487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-016 https://exchange.xforce.ibmcloud.com/vulnerabilities/16306 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •
CVE-2003-0346
https://notcve.org/view.php?id=CVE-2003-0346
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. Múltiples desbordamientos en una librería MIDI Microsoft Windows DirectX (QUARTZ.DLL) permite a atacantes remotos ejecutar código arbitrario mediante un fichero midi (.mid) con (1) una cadena de texto o de copyright larga), o (2) un número de pistas largo, lo que conduce a un desbordamiento de búfer en el montón. • http://marc.info/?l=bugtraq&m=105899759824008&w=2 http://www.cert.org/advisories/CA-2003-18.html http://www.kb.cert.org/vuls/id/265232 http://www.kb.cert.org/vuls/id/561284 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104 https://oval.cisecurity.org/repository/search •