Microsoft Security Bulletin MS05-050
Vulnerability in DirectShow Remote Code Execution
Published: October 11, 2005
Web Security Summary
Who should read this document: Visitors who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Visitors should apply the security update immediately.
Security Update Replacement: This bulletin replaces a prior security update.
Tested Software and Security Update Download Locations:
Microsoft DirectX 7.0 on Microsoft Windows 2000 with Service Pack 4
Microsoft DirectX 8.1 on Microsoft Windows Server 2003
Microsoft DirectX 8.1 Microsoft Windows Server 2003 with Service Pack 1
Tested Microsoft Windows Components:
Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, 8.1b, and 8.2 when installed on Windows 2000 Service Pack 4
Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows 2000 Service Pack 4
Microsoft DirectX 9.0, 9.0a, 9.0b, and 9.0c when installed on Windows Server 2003
Executive Security Summary
This update resolves a newly-discovered, privately-reported vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
It’s recommend that visitors apply the update immediately.
DirectShow Vulnerability – CAN-2005-2128
A remote code execution vulnerability exists in DirectShow that could
allow an attacker who successfully exploited this vulnerability to take
complete control of the affected system.
Mitigating Factors for DirectShow Vulnerability – CAN-2005-2128:
An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Workarounds for DirectShow Vulnerability
We have not identified any workarounds for this vulnerability.
This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
For more information about the reasons why you may be prompted to restart your computer, see Microsoft Knowledge Base Article 887012.