Vulnerability CVE-2009-0084 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0084 (CCN-49559)

Assigned:

2009-04-14

Published:

2009-04-14

Updated:

2019-02-26

Summary:

Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-0084

Source: OSVDB
Type: UNKNOWN
53632

Source: CCN
Type: SA34665
Microsoft DirectShow MJPEG Decompression Vulnerability

Source: SECUNIA
Type: UNKNOWN
34665

Source: CCN
Type: SECTRACK ID: 1022040
Microsoft DirectX Bug in Decompressing DirectShow MJPEG Content Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-132.htm

Source: CCN
Type: ASA-2009-132
MS09-011 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Source: CCN
Type: Microsoft Security Bulletin MS13-011
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)

Source: CCN
Type: Microsoft Security Bulletin MS16-007
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)

Source: CCN
Type: Microsoft Security Bulletin MS16-014
Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Source: CCN
Type: Microsoft Security Bulletin MS16-047
Security Update for SAM and LSAD Remote Protocols (3148527)

Source: CCN
Type: Microsoft Security Bulletin MS16-075
Security Update for Windows SMB Server (3164038)

Source: CCN
Type: Microsoft Security Bulletin MS16-076
Security Update for Netlogon (3167691)

Source: CCN
Type: Microsoft Security Bulletin MS16-101
Security Update for Windows Authentication Methods (3178465)

Source: CCN
Type: Microsoft Security Bulletin MS16-110
Security Update for Windows (3178467)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Source: CCN
Type: Microsoft Security Bulletin MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)

Source: CCN
Type: Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

Source: CCN
Type: Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

Source: CCN
Type: Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961

Source: CCN
Type: Microsoft Security Bulletin MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Source: CCN
Type: OSVDB ID: 53632
Microsoft DirectShow MJPEG Decompression Unspecified Arbitrary Code Execution

Source: MISC
Type: UNKNOWN
http://www.piotrbania.com/all/adv/ms-directx-mjpeg-adv.txt

Source: BID
Type: UNKNOWN
34460

Source: CCN
Type: BID-34460
Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022040

Source: CERT
Type: US Government Resource
TA09-104A

Source: VUPEN
Type: UNKNOWN
ADV-2009-1025

Source: MS
Type: UNKNOWN
MS09-011

Source: XF
Type: UNKNOWN
ms-directshow-mjpeg-code-execution(49559)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5618

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

AND

cpe:/a:microsoft:directx:8.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:microsoft:directx:9.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0a:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0b:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0c:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:directx:8.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:directx:9.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:5618	V	MJPEG Decompression Vulnerability	2014-03-17