Описание
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.61578
Средний
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
EPSS
Процентиль: 98%
0.61578
Средний
9.3 Critical
CVSS2
Дефекты
CWE-94