Home

Microsoft Windows DirectX SAMI Code Execution

Notification Type:	IBM Internet Security Systems Protection Alert
Notification Date:	June 10, 2008
Notification Version:	1.1

Name:	Microsoft Windows DirectX SAMI Code Execution
Public disclosure/ In the wild date:	June 10, 2008 (vuln disclosure)
Aliases:	MS08-033
CVE:	CVE-2008-1444
Description:	Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system.

ISS Coverage

Product	Content Version
Proventia Network IDS Proventia Network IPS Proventia Network MFS Proventia Server (Linux) RealSecure Network RealSecure Server Sensor	28.070
Proventia Desktop Proventia Server IPS (Windows)	2210

Propagation Techniques	ISS Protection	Available
remote exploit	SAMI_WMP_Overflow	June 10, 2008

Detailed Description

Business Impact:	Microsoft Windows DirectX is found in all modern Microsoft operating systems, including Microsoft Windows Vista. Compromise of machines may lead to exposure of confidential information, loss of productivity, and further compromise. An attacker would need to entice a user to open a Synchronized Accessible Media Interchange (SAMI) file to trigger this vulnerability.
CVSS	Base Score:		9.3
		Access Vector:	Network
		Access Complexity:	Medium
		Authentication:	None
		Confidentiality Impact:	Complete
		Integrity Impact:	Complete
		Availability Impact:	Complete

	Adjusted Temporal Score:		6.9
		Exploitability:	Unproven
		Remediation Level:	Official-Fix
		Report Confidence:	Confirmed
Affected Products:	For a full list of affected versions, see references below.
Technical Description:	Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of Synchronized Accessible Media Interchange (SAMI) file type parameters. By persuading a victim to open a specially-crafted SAMI file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Remediation:	Patches are available for this issue. See References for details.

References

XFDB:	http://xforce.iss.net/xforce/xfdb/42674
Microsoft:	http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx

Revision History

1.0	Initial publication.
1.1	Corrected CVE number.

About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.