A new minor version, Microsoft DirectX 9.0b, has been released. You can read about the previous one in the archive: Microsoft DirectX® 9.0 Final. Unfortunately, I did not find more detailed information about this version, although the file date is July 17.
In this connection, a couple of days ago LongT sent a pointer to a Neowin.net page that speculated about stray versions.
It turns out that all this excitement is because of the latest MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise.
DirectX is made up of a set of low-level Application Programming Interfaces (APIs) that is used by Windows programs for multimedia support. The DirectShow technology in DirectX performs client-side audio and video sourcing, manipulation, and rendering. There are two buffer overruns that have the same effects in the function that is used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. These buffer overruns may cause a security vulnerability because it would be possible for a malicious user to try to exploit these flaws and run code in the security context of the logged on user.
An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file that is designed to exploit this vulnerability and then host this file on a Web site or on a network share, or send it by means of an HTML e-mail message. If the file was hosted on a Web site or network share, the user would have to open the specially crafted file. If the file was embedded in a page, the vulnerability could be exploited when a user visits the Web page. If the file is sent in an HTML e-mail message, the vulnerability could be exploited when a user opens or previews the HTML e-mail message. A successful attack could either cause DirectShow or a program that is using DirectShow to fail, or it could cause an attacker’s code to run on the user’s computer in the security context of the user.
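The bulletin does not say which MIDI parameters went unchecked. As an added illustration (not Microsoft's code and not part of the original post), the following shows the kind of length validation a Standard MIDI File parser should do before trusting declared chunk sizes. The function and sample names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

enum smf_result { SMF_OK = 0, SMF_TRUNCATED, SMF_BAD_HEADER,
                  SMF_BAD_CHUNK_LEN, SMF_TRACK_MISMATCH };

/* Validate the chunk framing of a Standard MIDI File held in buf[0..len).
   Strict policy (an assumption of this example): header length must be 6. */
enum smf_result smf_validate(const uint8_t *buf, size_t len) {
    if (len < 14) return SMF_TRUNCATED;        /* "MThd" + length + 6 data bytes */
    if (memcmp(buf, "MThd", 4) != 0 || be32(buf + 4) != 6)
        return SMF_BAD_HEADER;
    unsigned format = ((unsigned)buf[8] << 8) | buf[9];
    unsigned ntrks  = ((unsigned)buf[10] << 8) | buf[11];
    if (format > 2 || ntrks == 0 || (format == 0 && ntrks != 1))
        return SMF_BAD_HEADER;

    size_t off = 14;
    unsigned seen = 0;
    while (off < len) {
        if (len - off < 8) return SMF_TRUNCATED;   /* no room for a chunk header */
        uint32_t clen = be32(buf + off + 4);
        /* Compare with the bytes remaining; computing off + clen could wrap. */
        if (clen > len - off - 8) return SMF_BAD_CHUNK_LEN;
        if (memcmp(buf + off, "MTrk", 4) == 0) seen++;
        off += 8 + (size_t)clen;
    }
    return seen == ntrks ? SMF_OK : SMF_TRACK_MISMATCH;
}

/* Constructed samples: a minimal one-track file, and the same file with a
   track chunk that declares 0x400 bytes while only 4 are present. */
const uint8_t SAMPLE_OK[] = {'M','T','h','d',0,0,0,6,0,0,0,1,0,0x60,
                             'M','T','r','k',0,0,0,4,0,0xFF,0x2F,0};
const uint8_t SAMPLE_BAD_LEN[] = {'M','T','h','d',0,0,0,6,0,0,0,1,0,0x60,
                                  'M','T','r','k',0,0,4,0,0,0xFF,0x2F,0};

int main(void) {
    return smf_validate(SAMPLE_OK, sizeof SAMPLE_OK) == SMF_OK &&
           smf_validate(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN) == SMF_BAD_CHUNK_LEN ? 0 : 1;
}
```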