Microsoft DirectX DirectPlay Input Validation Error Lets Remote Users Crash the Application
SecurityTracker Alert ID: 1010427
SecurityTracker URL: http://securitytracker.com/id/1010427
CVE Reference: CAN-2004-0202
Date: Jun 8 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 7.0a, 7.1, 8.1, 8.1a, 8.1b, 8.2, 9.0, 9.0a, and 9.0b
Description:
A denial of service vulnerability was reported in the implementation of the IDirectPlay4 API of Microsoft DirectPlay, part of DirectX. A remote user can cause a networked DirectPlay application to crash.
Microsoft reported that the software does not properly validate packets. A remote user can send a specially crafted packet to cause the application to crash.
The application must be manually restarted to return to normal operations.
Microsoft credits John Lampe of Tenable Network Security with reporting this flaw.
Impact:
A remote user can cause the target application to crash, requiring a manual restart to return to normal operations.
Solution:
Microsoft has issued the following fixes:
Microsoft DirectX 8.0, 8.0a, when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5595043A-AD55-47E3-A5CE-778DCDE13820&displaylang=en
Microsoft DirectX 8.1, 8.1a, 8.1b when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=52139FDD-7926-4DAE-A872-F67B1B55F2D0&displaylang=en
Microsoft DirectX 8.2 when installed on Windows 2000, or Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC8325FA-DB1B-4A77-9800-716C5C74AC74&displaylang=en
Microsoft DirectX 9.0, 9.0a, 9.0b when installed on Windows 2000, Windows XP, or Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BF58AC23-62D5-4650-AEEF-B79551D5F778&displaylang=en
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCAED052-6CE6-4709-84B3-9F1E0C182010&displaylang=en
Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1BEF9C9D-B317-4575-90E6-E89779469D37&displaylang=en
Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B99445C7-3070-4CFA-9CCE-225B92E90698&displaylang=en
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBA8BD7D-033B-460D-9088-4BFE7BE22B73&displaylang=en
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Vendor URL: www.microsoft.com/technet/security/bulletin/ms04-016.mspx
Cause:
Input validation error
Underlying OS:
Windows (Me), Windows (98), Windows (2000), Windows (2003), Windows (XP)
Message History:
None.
Source Message Contents
Date: Tue, 08 Jun 2004 14:47:28 -0400
Subject: MS04-016
http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx
Microsoft Security Bulletin MS04-016
Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
CVE: CAN-2004-0202
The following versions of DirectX are affected: 7.0a, 7.1, 8.1, 8.1a, 8.1b, 8.2, 9.0,
9.0a, and 9.0b.
Microsoft reported that there is a denial of service vulnerability in the implementation
of the IDirectPlay4 API of Microsoft DirectPlay. A remote user can cause a networked
DirectPlay application to crash.
The software does not properly validate packets, the advisory said.
The application must be manually restarted to return to normal operations.
Microsoft credits John Lampe of Tenable Network Security with reporting this flaw.
Microsoft has issued the following fixes:
Microsoft DirectX 8.0, 8.0a, when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5595043A-AD55-47E3-A5CE-778DCDE13820&displaylang=en
Microsoft DirectX 8.1, 8.1a, 8.1b when installed on Windows 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=52139FDD-7926-4DAE-A872-F67B1B55F2D0&displaylang=en
Microsoft DirectX 8.2 when installed on Windows 2000, or Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AC8325FA-DB1B-4A77-9800-716C5C74AC74&displaylang=en
Microsoft DirectX 9.0, 9.0a, 9.0b when installed on Windows 2000, Windows XP, or Windows
Server 2003
Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft
Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCAED052-6CE6-4709-84B3-9F1E0C182010&displaylang=en
Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1BEF9C9D-B317-4575-90E6-E89779469D37&displaylang=en
Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B99445C7-3070-4CFA-9CCE-225B92E90698&displaylang=en
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EBA8BD7D-033B-460D-9088-4BFE7BE22B73&displaylang=en
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F677DCD7-00D6-4DB6-A4E8-201579CC0761&displaylang=en