CVE-2003-0346 - Unspecified vulnerability in Microsoft DirectX
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS03-030.NASL |
description | The remote host is running a version of Windows with a version of DirectX that is vulnerable to a buffer overflow attack involving the module that handles MIDI files. To exploit this flaw, an attacker needs to craft a rogue MIDI file and send it to a user of this computer. When the user attempts to read the file, it will trigger the buffer overflow condition and the attacker may gain a shell on this host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11803 |
published | 2003-07-23 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11803 |
title | MS03-030: DirectX MIDI Overflow (819696) |
Oval
accepted | 2013-04-15T04:00:06.203-04:00 |
class | vulnerability |
contributors | Robert L. Hollis (ThreatGuard, Inc.); Matthew Wojcik (The MITRE Corporation); Robert L. Hollis (ThreatGuard, Inc.); Jeff Ito (Secure Elements, Inc.); Dragos Prisaca (G2, Inc.) |
description | Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:1095 |
status | accepted |
submitted | 2005-10-12T12:00:00.000-04:00 |
title | DirectX 8 DirectShow Malicious MIDI File Vulnerability |
version | 7 |

accepted | 2007-09-27T08:57:38.999-04:00 |
class | vulnerability |
contributors | Robert L. Hollis (ThreatGuard, Inc.); Matthew Wojcik (The MITRE Corporation); Jeff Ito (Secure Elements, Inc.) |
description | Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:1104 |
status | accepted |
submitted | 2005-10-12T12:00:00.000-04:00 |
title | DirectX 9 DirectShow Malicious MIDI File Vulnerability |
version | 4 |

accepted | 2008-03-24T04:00:22.463-04:00 |
class | vulnerability |
contributors | Christine Walzer (The MITRE Corporation); Christine Walzer (The MITRE Corporation); Jonathan Baker (The MITRE Corporation) |
definition_extensions | comment: Microsoft Windows NT is installed; oval: oval:org.mitre.oval:def:36 |
description | Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. |
family | windows |
id | oval:org.mitre.oval:def:218 |
status | accepted |
submitted | 2004-11-02T12:00:00.000-04:00 |
title | Integer Overflows in Windows NT DirectX MIDI Library (QUARTZ.DLL) |
version | 73 |
References
- http://marc.info/?l=bugtraq&m=105899759824008&w=2
- http://www.cert.org/advisories/CA-2003-18.html
- http://www.kb.cert.org/vuls/id/265232
- http://www.kb.cert.org/vuls/id/561284
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218