The Web    Google
MS Patches 'Moderate' DirectX Flaw

MS Patches 'Moderate' DirectX Flaw
June 8, 2004
Ryan NaraineBy

A security flaw in one of Microsoft's (Quote, Chart) widely deployed DirectX application programming interfaces (API) could leave computer games at risk of denial-of-service attacks, the company warned on Tuesday.

The DirectX vulnerability, which carries a "moderate" severity rating, affects the IDirectPlay4 API used in network-based multi-player games.

Microsoft said the flaw exists in the implementation of the IDirectPlay4 API of DirectPlay because of a lack of robust packet validation. "If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail. The user would have to restart the application to resume functionality," the company said in an advisory.

Affected Software includes Windows Server 2003, Windows XP, Windows 2000, Windows Millenium Editon (Me) and Windows 98.

The software giant also issued a security fix for a problem in its Crystal Reports Web Form Viewer that could put users at risk of data loss and denial-of-service attacks.

The flaw, which is also carries a "moderate" severity rating, affects customers who use Microsoft Visual Studio .NET 2003; Outlook 2003 with Business Contact Manager and Microsoft Business Solutions Customer Relationship Management (CRM) 1.2.

"An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system. The number of files that are impacted by this vulnerability would depend on the security context of the affected component that is used by the Crystal Web viewer," Microsoft warned.

  • 2/10: Mydoom-AS a Mass-Mailing Worm
  • 2/25: Looked-C Worm Downloads File
  • 'Significant' Security Flaws Uncovered in Many Web Applications
  • Schumer Introduces No Spam Registry Bill
  • 2/25: Kelvir-A an Instant Messaging Worm
  • 9/7: Sdbot-RY Worm Runs in Background
  • 3/30: Anicmoo-C Trojan Arrives in Package
  • 6/10: Agobot-JT Allows Unauthorized Access
  • How hacking has entered the age of mass production.
  • 1/3: Hilin Worm Written in Visual Basic
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • Discussion on Security Camera