Stack-Based Buffer Overflow in Microsoft DirectX DirectShow Parser
CVE-2007-3901

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 12 December 2007

Summary

A stack-based buffer overflow vulnerability exists in the DirectShow Synchronized Accessible Media Interchange parser within the quartz.dll file of Microsoft DirectX 7.0 to 10.0. This weakness allows remote attackers to execute arbitrary code by crafting a malicious SAMI file, potentially leading to unauthorized control over the affected system. Users are advised to ensure their systems are updated with the latest security patches to mitigate this risk.

References

http://www.iss.net/threats/280.html

third-party-advisoryx_refsource_ISS

http://www.kb.cert.org/vuls/id/804089

third-party-advisoryx_refsource_CERT-VN

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 12, 2007
Vulnerability Reserved
Jul 19, 2007