Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2006-4183 to a friend New vulnerability? New tool? Tell us	CVE-2006-4183 Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Vulnerability     Credit: The information has been provided by iDefense. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2006-4183 Details Check for CVE-2006-4183 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Microsoft's DirectX SDK (February 2006).  * DirectX End User Runtimes (February 2006).  * It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, depths and image storage options, and includes the ability to use run-length encoding (RLE), compression on the image data. This is a compression method which finds a 'run' of the pixels the same color and instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. Exploitation could allow a remote attacker to execute arbitrary code in the context of the affected application. If the DirectX SDK is installed on a system, this function is used to display a preview in Windows Explorer's 'Details' pane, causing Explorer to become vulnerable. The DirectX End User Runtimes are often bundled with games or applications. Vectors potentially affecting users with either the SDK or the End User Runtime include online games and applications where graphics files are be downloaded from a remote server and used as a texture. Vendor Status: Microsoft reports that they addressed this vulnerability in the October 2006 SDK and End-User Runtime releases. iDefense has confirmed that this vulnerability no longer exists in the June 2007 release. CVE Information: CVE-2006-4183 Disclosure Timeline:  * 08/16/2006 - Initial vendor notification  * 10/05/2006 - Initial vendor response  * 10/05/2006 - Second vendor notification  * 07/18/2007 - Public disclosure  Comments on CVE-2006-4183:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®