CVE-2008-1444

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2008-1444 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2008-1444

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Affected Software:
DirectX 7.0 and DirectX 8.1
* Microsoft Windows 2000 Service Pack 4 - DirectX 7.0 - Remote Code Execution - Critical - MS07-064
* Microsoft Windows 2000 Service Pack 4 - DirectX 8.1 - Remote Code Execution - Critical - MS07-064

DirectX 9.0
* Microsoft Windows 2000 Service Pack 4 - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064
* Windows XP Service Pack 2 and Windows XP Service Pack 3 - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - DirectX 9.0, DirectX 9.0b, or DirectX 9.0c - Remote Code Execution - Critical - MS07-064

DirectX 10.0
* Windows Vista - DirectX 10.0 - Remote Code Execution - Critical - MS07-064
* Windows Vista Service Pack 1 - DirectX 10.0 - Remote Code Execution - Critical - None
* Windows Vista x64 Edition - DirectX 10.0 - Remote Code Execution - Critical - MS07-064
* Windows Vista x64 Edition Service Pack 1 - DirectX 10.0 - Remote Code Execution - Critical - None
* Windows Server 2008 for 32-bit Systems* - DirectX 10.0 - Remote Code Execution - Critical - None
* Windows Server 2008 for x64-based Systems* - DirectX 10.0 - Remote Code Execution - Critical - None
* Windows Server 2008 for Itanium-based Systems - DirectX 10.0 - Remote Code Execution - Critical - None

*Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.

MJPEG Decoder Vulnerability - CVE-2008-0011
A remote code execution vulnerability exists in the way that the Windows MJPEG Codec handles MJPEG streams in AVI or ASF files. A user would have to preview or play a specially crafted MJPEG file for the vulnerability to be exploited.

CVE Information:
CVE-2008-0011

SAMI Format Parsing Vulnerability - CVE-2008-1444
A remote code execution vulnerability exists in the way DirectX handles supported format files. This vulnerability could allow remote code execution if a user opened a specially crafted file.

CVE Information:
CVE-2008-1444

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus