• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability

Solution:
Microsoft has released updates to address this vulnerability. Fixes for Windows 98/98SE/ME are available through Windows Update.

Avaya has released advisory ASA-2005-214 to state which Avaya products are affected by The October 2005 release of Microsoft Windows security updates. Please see the referenced advisory for further information.

Nortel Networks has released a technical support bulletin (2005006318) regarding this and other issues for their Centrex IP Client Manager (CICM). They report the vulnerabilities will be fixed in the upcoming 2.5, 7.0 and 8.0 maintenance releases. Please see the referenced bulletin for further information.

Nortel Networks has released a technical support bulletin (2005006315) regarding this issue for CallPilot. Users are advised to contact Nortel for further information.

Microsoft has updated Microsoft Security Bulletin MS05-050 detailing possible problems with previous updates; new updates are also available. Please see the referenced advisory for further information.


Microsoft Windows Server 2003 Datacenter Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows XP Media Center Edition SP2

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft DirectX 8.1 a

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft Small Business Server 2003

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=7f8342a0-2462 -46d3-9e40-262f72db68a6&displaylang=en

Microsoft Windows XP Tablet PC Edition SP1

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft DirectX 8.0

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft Windows XP Media Center Edition SP1

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft DirectX 8.0 a

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft DirectX 9.0 c

• Microsoft Security Update for DirectX 9 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=1853AD1F-92C8 -4C2B-8F52-9B2FC8DBF769&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=6083BA2D-4F1A -4900-8F7D-A32CB41CB5FA&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=36FBED29-E264 -4BC7-AB48-2CC4A59ACAA1&displaylang=en

Microsoft DirectX 8.1

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=7f8342a0-2462 -46d3-9e40-262f72db68a6&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=76c3815c-a966 -49eb-825f-1b8454c09bbf&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=7f8342a0-2462 -46d3-9e40-262f72db68a6&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=76c3815c-a966 -49eb-825f-1b8454c09bbf&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft DirectX 9.0 a

• Microsoft Security Update for DirectX 9 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=1853AD1F-92C8 -4C2B-8F52-9B2FC8DBF769&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=6083BA2D-4F1A -4900-8F7D-A32CB41CB5FA&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=36FBED29-E264 -4BC7-AB48-2CC4A59ACAA1&displaylang=en

Microsoft DirectX 8.1 b

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en


• Microsoft Security Update for DirectX 7.0 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en

Microsoft DirectX 8.2

• Microsoft Security Update for DirectX 8 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=FEDC7212-27B8 -4993-9965-53E9298DB386&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows XP Home SP2

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft Windows 2000 Datacenter Server SP4

• Microsoft Security Update for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en


• Microsoft Security Update for DirectX 7.0 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en

Microsoft Windows Server 2003 Web Edition

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft DirectX 9.0b

• Microsoft Security Update for DirectX 9 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=1853AD1F-92C8 -4C2B-8F52-9B2FC8DBF769&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=6083BA2D-4F1A -4900-8F7D-A32CB41CB5FA&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=36FBED29-E264 -4BC7-AB48-2CC4A59ACAA1&displaylang=en

Microsoft Windows XP Professional x64 Edition

• Microsoft Security Update for Windows XP x64 Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=ef614cdc-1db5 -4b5c-8440-714941799a9f&displaylang=en

Microsoft Windows Server 2003 Web Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=66f44766-3741 -4c83-aa5f-1b3498131dd9&displaylang=en

Microsoft DirectX 9.0

• Microsoft Security Update for DirectX 9 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=1853AD1F-92C8 -4C2B-8F52-9B2FC8DBF769&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows Server 2003 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=6083BA2D-4F1A -4900-8F7D-A32CB41CB5FA&displaylang=en


• Microsoft Security Update for DirectX 9 for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=36FBED29-E264 -4BC7-AB48-2CC4A59ACAA1&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 64-bit Itanium Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=7f8342a0-2462 -46d3-9e40-262f72db68a6&displaylang=en

Microsoft Windows XP Professional SP2

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en

Microsoft Windows Server 2003 Standard x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=76c3815c-a966 -49eb-825f-1b8454c09bbf&displaylang=en

Microsoft Windows 2000 Server SP4

• Microsoft Security Update for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en


• Microsoft Security Update for DirectX 7.0 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en


• Microsoft Security Update for DirectX 7.0 for Windows 2000 (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2feffe6c-6c1c -42d9-b15e-f8f8d9c0e60e&displaylang=en

Microsoft Windows XP Professional SP1

• Microsoft Security Update for Windows XP (KB904706)
  http://www.microsoft.com/downloads/details.aspx?familyid=2636cfce-49ea -4d06-80ba-21a84f3658a5&displaylang=en