Oval Definition:oval:org.mitre.oval:def:5236
Revision Date:2014-08-18Version:52
Title:MJPEG Decoder Vulnerability
Description:Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-0011
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):DirectX
Definition Synopsis
  • DirectX 8.1/7.0 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND the version of Quartz.dll is less than 6.3.1.891
  • AND DirectX 8.1 Installed
  • OR DirectX 9.0 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.1.909
  • OR DirectX 9.0 on Win XP
  • Microsoft Windows XP is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.2600.3367
  • OR DirectX 9.0 on Win XP
  • Microsoft Windows XP (32-bit) is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.2600.5596
  • OR DirectX 9.0 on 2003 and XP
  • Check for Vulnerable Windows 2003 and Windows XP
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.3790.3130
  • OR DirectX 9.0 on 2003 and XP
  • Check for Vulnerable Windows 2003 and Windows XP
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows XP x64 is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.3790.4283
  • OR Check for vulnerable Windows Vista(x86)/(x64) and Quartz.dll version
  • Check for vulnerable Windows Vista(x86)/(x64)
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for LDR/GDR
  • the version of Quartz.dll is less than 6.6.6000.16681
  • OR Check for LDR
  • the version of Quartz.dll is greater than or equal 6.6.6000.20000
  • AND Check if version of Quartz.dll is less than 6.6.6000.20823
  • OR Check for Vulnerable Windows Vista(x86)/(x64)/Windows 2008(x86)/(x64)/(ia-64) and Quartz.dll version
  • Check for Vulnerable Windows Vista(x86)/(x64)/Windows 2008(x86)/(x64)/(ia-64)
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for LDR/GDR
  • the version of Quartz.dll is less than 6.6.6001.18063
  • OR Check for LDR
  • the version of Quartz.dll is greater than or equal 6.6.6001.22000
  • AND Check if version of Quartz.dll is less than 6.6.6001.22167
    • BACK