Vulnerability CVE-2007-3901 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3901 (CCN-38721)

Assigned:

2007-12-11

Published:

2007-12-11

Updated:

2019-04-30

Summary:

Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
7.0 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-3901

Source: IDEFENSE
Type: UNKNOWN
20071211 Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability

Source: CCN
Type: SA28010
Microsoft DirectX SAMI/WAV/AVI File Parsing Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28010

Source: CCN
Type: SECTRACK ID: 1019073
Microsoft DirectX Bugs in Parsing SAMI, WAV, and AVI Files Let Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-514
MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

Source: CCN
Type: Microsoft Security Bulletin MS13-011
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)

Source: CCN
Type: Microsoft Security Bulletin MS16-007
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)

Source: CCN
Type: Microsoft Security Bulletin MS16-014
Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-075
Security Update for Windows SMB Server (3164038)

Source: CCN
Type: Microsoft Security Bulletin MS16-076
Security Update for Netlogon (3167691)

Source: CCN
Type: Microsoft Security Bulletin MS16-101
Security Update for Windows Authentication Methods (3178465)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: IBM Internet Security Systems Protection Alert Dec. 11, 2007
Multiple Microsoft DirectShow Remote Code Execution Vulnerabilities

Source: ISS
Type: UNKNOWN
20071211 Multiple Microsoft DirectShow Remote Code Execution Vulnerabilities

Source: CCN
Type: US-CERT VU#804089
Microsoft DirectX SAMI parsing buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#804089

Source: CCN
Type: Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectShow Could Allow Remote Code Execution (941568)

Source: CCN
Type: Microsoft Security Bulletin MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Source: CCN
Type: Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Source: CCN
Type: Microsoft Security Bulletin MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)

Source: CCN
Type: Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

Source: CCN
Type: Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

Source: CCN
Type: Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961

Source: CCN
Type: Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Source: HP
Type: UNKNOWN
SSRT071506

Source: BID
Type: UNKNOWN
26789

Source: CCN
Type: BID-26789
Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019073

Source: CERT
Type: US Government Resource
TA07-345A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4180

Source: MS
Type: UNKNOWN
MS07-064

Source: XF
Type: UNKNOWN
ms-directshow-sami-code-execution(38721)

Source: XF
Type: UNKNOWN
ms-directshow-sami-code-execution(38721)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 12.11.07
Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4520

Source: EXPLOIT-DB
Type: UNKNOWN
4866

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [12-11-2007]
MS07-064 Microsoft DirectX DirectShow SAMI Buffer Overflow

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:professional:*:*:*:*:*

AND

cpe:/a:microsoft:directx:5.2:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:6.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:7.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:7.0a:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:7.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.0a:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.1a:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.1b:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.2:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0a:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0b:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0c:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:10.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:directx:7.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:8.1:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:4520	V	Microsoft DirectX Code Execution Vulnerability	2013-04-15