Microsoft Windows AVI Vulnerabilities
(MS09-038, CVE-2009-1545, CVE-2009-1546)
Two remote code execution vulnerabilities have been discovered in the way Microsoft Windows handles AVI files. An attacker can exploit these flaws to execute arbitrary code on a vulnerable system via a malicious AVI file.
Audio Video Interleave (AVI) is a format derived from Resource Interchange File Format (RIFF). This file type is used with applications that capture, edit, and play back audio-video sequences.
- CVE-2009-1545 is due to an error in the Windows component responsible for processing AVI files. This component does not properly validate data within specially crafted AVI files.
- CVE-2009-1546 is also due to an error in the Windows component responsible for processing AVI files. This component does not properly handle specially crafted AVI files with malformed headers.
A remote attacker could exploit these issues via a malformed AVI file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code on a target system.
Check Point provides protections against attacks that use these vulnerabilities through its integrated IPS offerings, IPS Software Blade, and SmartDefense. The protections detect and block the transfer of malformed AVI files over HTTP. See CPAI-2009-149 and CPAI-2009-151.
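Because AVI is a RIFF container, a gateway or upload filter can reject files whose declared chunk sizes are inconsistent before any media component parses them. The following is an added example, not Check Point's detection logic and not code from the advisory; the advisory does not describe the specific malformations behind the two CVEs, so this checks only general RIFF size consistency, and the sample files and the nesting limit are constructed for illustration.

```python
import struct

def chunk(fourcc: bytes, payload: bytes) -> bytes:
    """Build one RIFF chunk: FourCC, little-endian size, payload, even padding."""
    return fourcc + struct.pack("<I", len(payload)) + payload + b"\0" * (len(payload) & 1)

def _walk(data, pos, end, depth, problems):
    """Check every chunk in data[pos:end]; descend into LIST chunks."""
    if depth > 8:  # assumed nesting limit for this example
        problems.append("LIST nesting too deep")
        return
    while pos < end:
        if end - pos < 8:
            problems.append(f"truncated chunk header at offset {pos}")
            return
        fourcc, size = struct.unpack_from("<4sI", data, pos)
        body = pos + 8
        if size > end - body:  # declared size must fit inside the parent
            problems.append(f"chunk {fourcc!r} at offset {pos}: size {size} overruns its parent")
            return
        if fourcc == b"LIST":
            if size < 4:
                problems.append(f"LIST at offset {pos} has no room for its list type")
                return
            _walk(data, body + 4, body + size, depth + 1, problems)
        pos = body + size + (size & 1)  # chunks are padded to even length

def check_riff_avi(data: bytes) -> list:
    """Return structural problems found; an empty list means the sizes are consistent."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"AVI ":
        return ["not a RIFF/AVI file"]
    problems = []
    declared = struct.unpack_from("<I", data, 4)[0]
    if declared + 8 > len(data):
        problems.append(f"RIFF size {declared} exceeds the {len(data)} bytes present")
    _walk(data, 12, min(declared + 8, len(data)), 1, problems)
    return problems

# Constructed samples: a minimal AVI skeleton with a zero-filled 56-byte 'avih'
# header, and a copy whose 'avih' size field (file offset 28) is inflated.
GOOD = chunk(b"RIFF", b"AVI " + chunk(b"LIST", b"hdrl" + chunk(b"avih", bytes(56))))
BAD = GOOD[:28] + struct.pack("<I", 0xFFFFFFF0) + GOOD[32:]

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_riff_avi(sample) or "ok")
```

A file that passes this check is only structurally consistent; it still needs the MS09-038 update on the system that plays it.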


