Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3901

CWE-119 Buffer Overflow | 5 documents | 4 sources
Severity: 8.5 HIGH
EPSS: 77.1% (top 1.03%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Dec 12
Latest update: May 1

Description

Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 6.8 | Impact: 10.0

Affected Packages (1 package)

NVD | microsoft/directx | 15 versions (+14)

🔴 Vulnerability Details (2)

GHSA | GHSA-3h62-xc6m-rwqv: Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz | 2022-05-01
CVEList | CVE-2007-3901: Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz | 2007-12-12

💥 Exploits & PoCs (2)

Exploit-DB | Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064) (Metasploit) | 2010-10-05
Exploit-DB | Microsoft DirectX SAMI File Parsing - Remote Stack Overflow | 2008-01-08