Use-after-free Vulnerability in Microsoft DirectX
CVE-2009-0084

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 15 April 2009

Summary

A use-after-free vulnerability exists in Microsoft DirectX that can be exploited by attackers through specially crafted MJPEG files or video streams. When an MJPEG file containing a malformed Huffman table is processed, it can trigger an exception that improperly frees heap memory. This freed memory may be accessed again, allowing attackers to execute arbitrary code on the affected system. Ensuring systems are updated to mitigate this type of vulnerability is crucial for maintaining security.

References

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

third-party-advisoryx_refsource_CERT

http://osvdb.org/53632

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/34665

third-party-advisoryx_refsource_SECUNIA

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 8, 2009