This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through DirectX.
The remote host is running a version of Windows with a version of
DirectX that is vulnerable to a buffer overflow attack involving the
module that handles MIDI files.
To exploit this flaw, an attacker needs to craft a rogue MIDI file and
send it to a user of this computer. When the user attempts to read the
file, it will trigger the buffer overflow condition and the attacker may
gain a shell on this host.
See also :
Microsoft has released a set of patches for DirectX.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false