Secunia Advisory: SA26131
Release Date: 2007-07-19
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
Microsoft DirectX 7.x
Microsoft DirectX 8.x
Microsoft DirectX 9.x
Microsoft DirectX SDK
CVE reference: CVE-2006-4183 (Secunia mirror)
Description:
A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.
Solution:
Update to the October 2006 SDK and End-User Runtime release or later.
Bollettino Secunia
Release Date: 2007-07-19
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software:
Microsoft DirectX 7.x
Microsoft DirectX 8.x
Microsoft DirectX 9.x
Microsoft DirectX SDK
CVE reference: CVE-2006-4183 (Secunia mirror)
Description:
A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.
Solution:
Update to the October 2006 SDK and End-User Runtime release or later.
Bollettino Secunia