Secunia
|
|
CVE Reference: CVE-2010-0250 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-0250 |
|
|
Description: Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA38511 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8064 MS http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx MISC http://www.zerodayinitiative.com/advisories/ZDI-10-015/ CONFIRM http://support.avaya.com/css/P8/documents/100074167 CERT http://www.us-cert.gov/cas/techalerts/TA10-040A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/509472/100/0/threaded BID 38112 |
|
| Return to the previous page. |
