also @ TechSpot: Metro: Last Light Performance, Benchmarked

Microsoft reveals DirectX 'critical' flaw

Discussion in 'General Discussion' started by Julio Franco, Jul 24, 2003.

  1. Julio Franco TechSpot Editor Posts: 6,051   +121

    Microsoft reveals 'critical' flaw

    The flaw is unusually widespread, affecting all versions of DirectX from version 5.2 to the current 9.0a running on all versions of Windows from Windows 98 through the new Windows Server 2003, according to the Microsoft bulletin.

    The flaw, which received Microsoft's highest severity rating, involves the way DirectX handles MIDI music files. A malformed MIDI file could overrun the buffer in DirectX, at which point extra software embedded in the file would be executed.
    Exploiting the flaw would entail the creation of a maliciously malformed MIDI file, which vulnerable Windows users would have to be tricked into running, either through e-mail or a Web page.

    Read more: CNet News.
    Julio Franco, Jul 24, 2003
    #1

  2. Abraxas Newcomer, in training Posts: 205

    Does 9.0b fix that?
    Abraxas, Jul 24, 2003
    #2

  3. Phantasm66 Newcomer, in training Posts: 6,504

    I don't know (have not checked) but I would imagine that that would explain 9.0b 's sudden arrival I have certainly downloaded and installed 9.0b as soon as I read about it here.
    Phantasm66, Jul 24, 2003
    #3

  4. ---agissi--- TechSpot Paladin Posts: 2,369   +9

    Another bug :eek:

    Do they ever check they're software for this kind of stuff?? Its posted all the time
    ---agissi---, Jul 25, 2003
    #4

  5. XtR-X Newcomer, in training Posts: 1,040

    I guess it's safe to say that we should all avoid MIDIs for a short while until the problem is completely solved.

    The scary thing is that we can trail off to a site that has embedded MIDI inside the HTML and we could be attacked by it.
    XtR-X, Jul 25, 2003
    #5

  6. TS | Thomas Newcomer, in training Posts: 1,327

    Yes, DirectX 9.0b fixes this.
    TS | Thomas, Jul 25, 2003
    #6
     
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.