Windows Security update for DirectX 8

Microsoft has reported two buffer overflow problems in DirectX, known set of APIs used by Windows programs and games for multimedia support and announced that the update that resolves them is available.

The two buffer overflows have the same effects in the function used by DirectShow to check the parameters in a MIDI (Musical Instrument Digital Interface) file. Both flaws result in a security vulnerability, as they could allow arbitrary code to be run on affected systems.

To exploit this security flaw, an attacker must create a certain type of MIDI file and host it on a website or in a shared folder, or send it out via email. The attacker could run arbitrary code on the system if the user of the affected computer visits the website hosting the malicious file, views the email message containing it or opens the folder in which it is stored.

More information about this vulnerability and the update release by Microsoft are available here.