This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through DirectX.
The remote host is running a version of Windows with a version of
DirectX that is vulnerable to a buffer overflow attack involving the
module that handles MIDI files.
To exploit this flaw, an attacker needs to craft a rogue MIDI file and
send it to a user of this computer. When the user attempts to read the
file, it will trigger the buffer overflow condition and the attacker may
gain a shell on this host.
See also :
Microsoft has released a set of patches for DirectX.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 11803 ()
Bugtraq ID: 8262
CVE ID: CVE-2003-0346
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.