Microsoft warned yesterday that hackers are using QuickTime media files to exploit an unpatched 0-day vulnerability in DirectShow.
In a posting on Microsoft's security response center blog company officials confirmed the new vulnerability affects Microsoft DirectShow in Windows 2000, Windows XP and Windows Server 2003, under limited attack.
After initial investigation Microsoft have confirmed that the vulnerable code was removed as part of their work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.
An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn't a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow.
Microsoft have provided workarounds for the exploit available under the 971778 security advisory.
93 Comments - Add comment