CVE-2007-3901 – Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064)
https://notcve.org/view.php?id=CVE-2007-3901
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
• https://www.exploit-db.com/exploits/16442
https://www.exploit-db.com/exploits/4866
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
http://secunia.com/advisories/28010
http://www.iss.net/threats/280.html
http://www.kb.cert.org/vuls/id/804089
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/bid/26789
http://www.securitytracker.com/id?1019073
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0346
https://notcve.org/view.php?id=CVE-2003-0346
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
• http://marc.info/?l=bugtraq&m=105899759824008&w=2
http://www.cert.org/advisories/CA-2003-18.html
http://www.kb.cert.org/vuls/id/265232
http://www.kb.cert.org/vuls/id/561284
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104
https://oval.cisecurity.org/repository/search