Business IT - Technology for your business

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Microsoft warns of zero-day DirectShow vulnerability

Stephen Withers
Friday, 29 May 2009 04:55

Business IT - Security

Page 1 of 2
There's no fix yet, but Microsoft is warning its customers of a vulnerability in DirectShow in older versions of Windows. The flaw is being exploited.
Microsoft Office 365 Get your free Trial

Related Articles

DirectShow, part of DirectX, is a multimedia framework in Windows used for handling media files. It is used, for example, by Windows Media Player.

The vulnerability affects Windows 2000, XP and Server 2003, but not Vista, Server 2008 or Windows 7.

The problem is that a maliciously formed QuickTime video file passed to DirectShow can lead to remote code execution with the same rights as the current user. Given that so many people use administrator accounts, a successful exploit could take full control of their systems.

As the vulnerability is in DirectShow, it can be exploited whether or not QuickTime is installed on the target system.

A malicious video file could be distributed via email or web sites. In the latter case, viewing the relevant page with any browser that uses DirectShow to handle media files will allow the exploit to do its dirty work.

There's no timeframe for a fix, but Microsoft does offer three workarounds.

Please read on for a link to the most effective and easiest to apply.


Start 1 2 Next 

Sponsored Announcements

Kordia To Deploy ComOps Best Practice Safety and Risk Management Platform

David Bass | ComOps, a leading Australian provider of business software products and services, has won a competitive tender to deploy its Salvus safety, r…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases