QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0250

Published: Feb 10, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:8064

vdb-entry

signature

x_refsource_OVAL

http://support.avaya.com/css/P8/documents/100074167

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT

third-party-advisory

x_refsource_SECUNIA

http://www.zerodayinitiative.com/advisories/ZDI-10-015/

x_refsource_MISC

vendor-advisory

x_refsource_MS

20100209 ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.