Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Visual Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files.
Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.
This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI.
It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.