Описание
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- US Government Resource
- US Government Resource
- PatchThird Party AdvisoryUS Government Resource
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:directx:5.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:6.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.25679
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
EPSS
Процентиль: 96%
0.25679
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other