iPolicy Networks Security Advisory
 

Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Vulnerability

Date Discovered: 07/18/2007
Severity: Medium
Applications Affected: Microsoft DirectX SDK
Synopsis
Heap-based buffer overflow in the Microsoft DirectX SDK, including the 9.0c End-User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa (TGA) file whose RLE encoding produces more data when decoded than the decoder has allocated for the image.
Recommended Actions
Microsoft has addressed this vulnerability in the October 2006 SDK and End-User Runtime releases.
Threat Analysis
Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the user who opens the crafted image.

The vulnerability specifically exists in the way RLE compressed Targa format image files are decoded. The Targa format allows multiple color depths and image storage options, and includes the ability to apply run-length encoding (RLE) compression to the image data. RLE finds a 'run' of consecutive pixels of the same color and, instead of storing the value multiple times, stores the value once together with the number of times to repeat it. The decoder sizes the destination buffer from the image dimensions in the file header, while the run lengths come from the packet stream that follows; if the encoded packets specify more data than has been allocated for the decoded image, the decoder writes past the end of the buffer and a controlled heap overflow can occur.
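The following is an added illustration, not Microsoft's D3DX code: a minimal TGA RLE packet decoder written in the vulnerable pattern the advisory describes (output bounds never compared to the allocation) beside a hardened version, run over two constructed packet streams for a 2x2 24-bit image. The packet layout is the TGA image type 10 format; the sample streams, buffer sizes and function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not DirectX/D3DX code). TGA image type 10 stores true-color
 * pixels as RLE packets:
 *   header byte h, count = (h & 0x7F) + 1          (1..128 pixels)
 *   h & 0x80 set   -> run packet: ONE pixel follows, repeated 'count' times
 *   h & 0x80 clear -> raw packet: 'count' literal pixels follow
 * A loader allocates width * height * bpp bytes from the file header before it
 * sees a packet; nothing binds the packet counts to that size unless the
 * decoder enforces it.
 */

#define BPP 3         /* 24-bit BGR pixels in both sample streams */
#define IMG_BYTES 12  /* constructed 2x2 image: 2 * 2 * BPP bytes allocated */

/* Vulnerable pattern: input bounds are checked, output bounds are not. */
static size_t tga_rle_decode_unchecked(const uint8_t *in, size_t in_len,
                                       uint8_t *out, size_t bpp)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t h = in[ip++];
        size_t count = (size_t)(h & 0x7F) + 1;
        if (h & 0x80) {                             /* run packet */
            if (in_len - ip < bpp) break;
            for (size_t i = 0; i < count; i++, op += bpp)
                memcpy(out + op, in + ip, bpp);     /* count*bpp bytes, never compared to the allocation */
            ip += bpp;
        } else {                                    /* raw packet */
            if (in_len - ip < count * bpp) break;
            memcpy(out + op, in + ip, count * bpp);
            op += count * bpp;
            ip += count * bpp;
        }
    }
    return op;  /* bytes written, so a caller can see the overrun */
}

/* Hardened: each packet is checked against the remaining output space and the
 * remaining input before anything is copied. Returns 0 when the stream fills
 * the image exactly, -1 on an over-long packet, truncated input or short stream. */
static int tga_rle_decode_checked(const uint8_t *in, size_t in_len,
                                  uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    while (op < out_len) {
        if (ip >= in_len) return -1;                /* stream ended early */
        uint8_t h = in[ip++];
        size_t count = (size_t)(h & 0x7F) + 1;
        size_t nbytes = count * bpp;                /* at most 128 * bpp */
        if (nbytes > out_len - op) return -1;       /* would run past the allocation */
        if (h & 0x80) {
            if (in_len - ip < bpp) return -1;
            for (size_t i = 0; i < count; i++)
                memcpy(out + op + i * bpp, in + ip, bpp);
            ip += bpp;
        } else {
            if (in_len - ip < nbytes) return -1;
            memcpy(out + op, in + ip, nbytes);
            ip += nbytes;
        }
        op += nbytes;
    }
    return 0;
}

/* Constructed well-formed stream: run of 2 red pixels, then 2 literal pixels. */
static const uint8_t benign_stream[] = {
    0x81, 0x00, 0x00, 0xFF,                  /* run packet, count 2, BGR = red   */
    0x01, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0x00 /* raw packet, count 2: green, blue */
};

/* Constructed crafted stream: header still says 2x2, one run asks for 128 pixels (384 bytes). */
static const uint8_t crafted_stream[] = { 0xFF, 0x41, 0x41, 0x41 };

int benign_decodes_correctly(void)
{
    uint8_t out[IMG_BYTES];
    static const uint8_t expect[IMG_BYTES] = {
        0x00, 0x00, 0xFF, 0x00, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0x00 };
    if (tga_rle_decode_checked(benign_stream, sizeof benign_stream, out, IMG_BYTES, BPP) != 0)
        return 0;
    return memcmp(out, expect, IMG_BYTES) == 0;
}

int crafted_is_rejected(void)
{
    uint8_t out[IMG_BYTES];
    return tga_rle_decode_checked(crafted_stream, sizeof crafted_stream, out, IMG_BYTES, BPP) == -1;
}

/* The scratch buffer is oversized only so this demo does not corrupt its own
 * stack; a real loader hands the decoder the 12-byte heap buffer, and the other
 * 372 bytes land on whatever heap data follows it. */
size_t crafted_unchecked_bytes_written(void)
{
    uint8_t scratch[128 * BPP];
    return tga_rle_decode_unchecked(crafted_stream, sizeof crafted_stream, scratch, BPP);
}

int main(void)
{
    printf("benign stream: checked decode %s\n", benign_decodes_correctly() ? "ok" : "FAILED");
    printf("crafted stream: checked decoder %s it\n", crafted_is_rejected() ? "rejects" : "accepts");
    printf("crafted stream: unchecked decoder writes %zu bytes into a %d-byte allocation\n",
           crafted_unchecked_bytes_written(), IMG_BYTES);
    return 0;
}
```

The hardened decoder does not enforce the TGA rule that a packet may not span scanlines; the check that matters for this bug is the comparison of each packet's byte count against the space remaining in the header-derived allocation, which is what the unchecked version omits.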
References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4183

Write-up by: Rajesh Rawal