Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Vulnerability
Date Discovered: 07/18/2007
Severity: Medium
Applications Affected: Microsoft DirectX SDK
Synopsis
Heap-based buffer overflow in Microsoft DirectX SDK, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with an encoding that produces more data than expected when decoding.
Recommended Actions
Microsoft has addressed this vulnerability in the October 2006 SDK and End-User Runtime releases.
Threat Analysis
Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, and includes the ability to use run-length encoding (RLE) compression on the image data. This compression method finds a 'run' of pixels of the same color and, instead of storing the value multiple times, encodes the number of times to repeat one value. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur.