SECUNIA ADVISORY ID: SA26131
VERIFY ADVISORY: http://secunia.com/advisories/26131/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
SOFTWARE:
Microsoft DirectX 9.x - http://secunia.com/product/1915/
Microsoft DirectX SDK - http://secunia.com/product/14831/
Microsoft DirectX 8.x - http://secunia.com/product/1914/
Microsoft DirectX 7.x - http://secunia.com/product/1913/
DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an input validation error when processing RLE compressed Targa images. This can be exploited to cause a heap-based buffer overflow via a specially crafted Targa image. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Microsoft's DirectX SDK and End-User Runtimes dated February 2006. Other versions may also be affected.
SOLUTION: Update to the October 2006 SDK and End-User Runtime release or later.
PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, Reverse Mode
ORIGINAL ADVISORY:
Reverse Mode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=52
iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562
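
ADDED EXAMPLE (not part of the Secunia advisory and not DirectX code): a Targa RLE packet decoder in C that checks every packet's pixel count against the remaining output and input buffers, the class of validation the DESCRIPTION refers to. The function name, parameters and sample bytes are assumptions for illustration; the advisory does not describe the root cause in more detail.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode TGA RLE packets from src into dst (dst_len = width*height*bpp,
 * computed by the caller). Returns 0 on success, -1 on malformed input.
 * Hypothetical helper written for this example. */
int tga_rle_decode(const uint8_t *src, size_t src_len,
                   uint8_t *dst, size_t dst_len, size_t bpp)
{
    size_t in = 0, out = 0;
    if (bpp == 0 || bpp > 4 || dst_len % bpp != 0)
        return -1;
    while (out < dst_len) {
        if (in >= src_len)
            return -1;                        /* truncated: no packet header */
        uint8_t hdr = src[in++];
        size_t count = (size_t)(hdr & 0x7F) + 1; /* 1..128 pixels per packet */
        size_t bytes = count * bpp;              /* <= 512, cannot overflow */
        /* Output bound: reject a packet that would write past dst. A decoder
         * that trusts the packet count here overruns its heap buffer. */
        if (bytes > dst_len - out)
            return -1;
        if (hdr & 0x80) {                     /* run packet: one pixel repeated */
            if (bpp > src_len - in)
                return -1;                    /* input bound */
            for (size_t i = 0; i < count; i++)
                memcpy(dst + out + i * bpp, src + in, bpp);
            in += bpp;
        } else {                              /* raw packet: literal pixels */
            if (bytes > src_len - in)
                return -1;                    /* input bound */
            memcpy(dst + out, src + in, bytes);
            in += bytes;
        }
        out += bytes;
    }
    return 0;
}

int main(void)
{
    /* Constructed samples for a 4-pixel, 1-byte-per-pixel image. */
    const uint8_t ok[]  = { 0x83, 0xAA };     /* run of 4 pixels: fits */
    const uint8_t bad[] = { 0xFF, 0xAA };     /* run of 128 pixels: rejected */
    uint8_t px[4];
    int r_ok = tga_rle_decode(ok, sizeof ok, px, sizeof px, 1);
    int r_bad = tga_rle_decode(bad, sizeof bad, px, sizeof px, 1);
    printf("ok=%d bad=%d\n", r_ok, r_bad);
    return 0;
}
```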