=====================================================================
                           CERT-Renater

                 Information Note No. 2005/VULN619
_____________________________________________________________________

DATE                 : 12/10/2005

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 2000, Windows XP, Windows Server 2003,
                       Windows 98, Windows Me.

======================================================================

MS05-050 - Vulnerability in DirectShow Could Allow Remote Code
Execution (904706)

- Affected Software:
  - Windows 2000 Service Pack 4
  - Windows XP Service Pack 1
  - Windows XP Service Pack 2
  - Windows XP Professional x64 Edition
  - Windows Server 2003
  - Windows Server 2003 Service Pack 1
  - Windows Server 2003 for Itanium-based Systems
  - Windows Server 2003 with SP1 for Itanium-based Systems
  - Windows Server 2003 x64 Edition

- Review the FAQ section of bulletin MS05-050 for information about
  these operating systems:
  - Windows 98
  - Windows 98 Second Edition (SE)
  - Windows Millennium Edition (ME)

- Impact: Remote Code Execution

- Version Number: 1.0

Full MS05-050 advisory:
http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx

Vulnerability Details:

DirectShow Vulnerability - CAN-2005-2128:

A remote code execution vulnerability exists in DirectShow. An attacker
who successfully exploited it could execute arbitrary code with the
privileges of the user opening a malicious .avi file. On a Windows
operating system, any anonymous user who could deliver a specially
crafted .avi file to the affected system could try to exploit this
vulnerability.

More details are provided in the following eEye advisory:
http://www.eeye.com/html/research/advisories/AD20051011a.html

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================