Microsoft warns of zero-day DirectShow vulnerability


There's no fix yet, but Microsoft is warning its customers of a vulnerability in DirectShow in older versions of Windows. The flaw is being exploited.

DirectShow, part of DirectX, is a multimedia framework in Windows used for handling media files. It is used, for example, by Windows Media Player.

The vulnerability affects Windows 2000, XP and Server 2003, but not Vista, Server 2008 or Windows 7.

The problem is that a maliciously formed QuickTime video file passed to DirectShow can lead to remote code execution with the same rights as the current user. Given that so many people use administrator accounts, a successful exploit could take full control of their systems.

As the vulnerability is in DirectShow, it can be exploited whether or not QuickTime is installed on the target system.

A malicious video file could be distributed via email or web sites. In the latter case, viewing the relevant page with any browser that uses DirectShow to handle media files will allow the exploit to do its dirty work.

There's no timeframe for a fix, but Microsoft does offer three workarounds.



