McAfee > Theat Center > Vulnerability Detail Page

Timeline

12/11/2007

Vendor has provided a patch.

Description

Microsoft Windows is an industry standard operating system. Windows includes support for streaming media through its DirectShow technology. Microsoft Windows contains a vulnerability that may allow for remote code execution. The flaw lies in processing of specially crafted Synchronized Accessible Media Interchange (SAMI) files. Exploitation would allow for code execution at the rights level of the victim.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (941568): http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:

(MS07-064) Microsoft DirectX Code Execution Vulnerability Parsing SAMI Files (941568)

Signature identifier:

5624

Release date:

12/11/2007

McAfee Intrushield

We have found that McAfee Intrushield is not proactively protecting against all known exploits of this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

HTTP: Microsoft DirectShow Code Execution Vulnerability Parsing SAMI Files

Signature identifier:

0x4023FE00

Release date:

12/11/2007

First released in:

Sigset(s) 4.1.16, 3.1.53

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE 8.0i protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

8/30/2004

First released in:

Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Out of the box, VSE8.5i and ToPS SB protect against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

11/29/2006

First released in:

Build 354

Additional Resources

Microsoft Securirty Bulletin: Vulnerabilities in DirectShow Could Allow Remote Code Execution (941568)

http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx

All Information

Timeline -

12/11/2007

Vendor has provided a patch.

Description -

Microsoft Windows is an industry standard operating system. Windows includes support for streaming media through its DirectShow technology. Microsoft Windows contains a vulnerability that may allow for remote code execution. The flaw lies in processing of specially crafted Synchronized Accessible Media Interchange (SAMI) files. Exploitation would allow for code execution at the rights level of the victim.

McAfee Product Mitigation & Recommendations

Recommendations -

Download and install the patch available from Microsoft (941568): http://www.microsoft.com/technet/security/Bulletin/MS07-064.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:

(MS07-064) Microsoft DirectX Code Execution Vulnerability Parsing SAMI Files (941568)

Signature identifier:

5624

Release date:

12/11/2007

McAfee Intrushield

We have found that McAfee Intrushield is not proactively protecting against all known exploits of this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

HTTP: Microsoft DirectShow Code Execution Vulnerability Parsing SAMI Files

Signature identifier:

0x4023FE00

Release date:

12/11/2007

First released in:

Sigset(s) 4.1.16, 3.1.53

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE 8.0i protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

8/30/2004

First released in:

Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Out of the box, VSE8.5i and ToPS SB protect against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

11/29/2006

First released in:

Build 354

Additional Resources

Additional Resources -

Microsoft Securirty Bulletin: Vulnerabilities in DirectShow Could Allow Remote Code Execution (941568)

http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx