Microsoft DirectX DirectPlay Input Validation Error Lets Remote Users Crash the Application
SecurityTracker Alert ID: 1010427
SecurityTracker URL: http://securitytracker.com/id?1010427
CVE Reference: CAN-2004-0202
Date: Jun 8 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.0a, 7.1, 8.1, 8.1a, 8.1b, 8.2, 9.0, 9.0a, and 9.0b
Description: A denial of service vulnerability was reported in the implementation of the IDirectPlay4 API of Microsoft DirectPlay, part of DirectX. A remote user can cause a networked DirectPlay application to crash.
Microsoft reported that the software does not properly validate packets. A remote user can send a specially crafted packet to cause the application to crash.
The application must be manually restarted to return to normal operations.
Microsoft credits John Lampe of Tenable Network Security with reporting this flaw.
Impact: A remote user can cause the target application to crash, requiring a manual restart to return to normal operations.
Solution: Microsoft has issued the following fixes:
Microsoft DirectX 8.0, 8.0a, when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5595043A-AD55-47E3-A5CE-778DCDE13820&displaylang=en
Microsoft DirectX 8.1, 8.1a, 8.1b when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=52139FDD-7926-4DAE-A872-F67B1B55F2D0&displaylang=en
Microsoft DirectX 8.2 when installed on Windows 2000, or Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC8325FA-DB1B-4A77-9800-716C5C74AC74&displaylang=en
Microsoft DirectX 9.0, 9.0a, 9.0b when installed on Windows 2000, Windows XP, or Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BF58AC23-62D5-4650-AEEF-B79551D5F778&displaylang=en
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCAED052-6CE6-4709-84B3-9F1E0C182010&displaylang=en
Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1BEF9C9D-B317-4575-90E6-E89779469D37&displaylang=en
Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B99445C7-3070-4CFA-9CCE-225B92E90698&displaylang=en
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBA8BD7D-033B-460D-9088-4BFE7BE22B73&displaylang=en
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Vendor URL: www.microsoft.com/technet/security/bulletin/ms04-016.mspx
Cause: Input validation error
Underlying OS: Windows (Me), Windows (98), Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments: Windows NT 4.0 is not affected
Message History: None.
Source Message Contents
Date: Tue, 08 Jun 2004 14:47:28 -0400
Subject: MS04-016
http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx
Microsoft Security Bulletin MS04-016
Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
CVE: CAN-2004-0202
The following versions of DirectX are affected: 7.0a, 7.1, 8.1, 8.1a, 8.1b, 8.2, 9.0,
9.0a, and 9.0b.
Microsoft reported that there is a denial of service vulnerability in the implementation
of the IDirectPlay4 API of Microsoft DirectPlay. A remote user can cause a networked
DirectPlay application to crash.
The software does not properly validate packets, the advisory said.
The application must be manually restarted to return to normal operations.
Microsoft credits John Lampe of Tenable Network Security with reporting this flaw.
Microsoft has issued the following fixes:
Microsoft DirectX 8.0, 8.0a, when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5595043A-AD55-47E3-A5CE-778DCDE13820&displaylang=en
Microsoft DirectX 8.1, 8.1a, 8.1b when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=52139FDD-7926-4DAE-A872-F67B1B55F2D0&displaylang=en
Microsoft DirectX 8.2 when installed on Windows 2000, or Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC8325FA-DB1B-4A77-9800-716C5C74AC74&displaylang=en
Microsoft DirectX 9.0, 9.0a, 9.0b when installed on Windows 2000, Windows XP, or Windows
Server 2003
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft
Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCAED052-6CE6-4709-84B3-9F1E0C182010&displaylang=en
Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1BEF9C9D-B317-4575-90E6-E89779469D37&displaylang=en
Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B99445C7-3070-4CFA-9CCE-225B92E90698&displaylang=en
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBA8BD7D-033B-460D-9088-4BFE7BE22B73&displaylang=en
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en