Microsoft warns of DirectX attacks
Published: 2009-06-03

Microsoft warned users last week that attackers had begun using malicious QuickTime files to target a vulnerability in the way its DirectX library handles Apple's multimedia format.

The vulnerability, which affects Windows 2000 and XP but not Windows Vista, allows an attacker to compromise the system with the rights of a user. In an advisory published on Thursday, Microsoft called the attacks "limited," a qualifier that frequently appears in the software giant's warnings on security issues.

"While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow," a member of Microsoft's Security Response Center stated on the group's blog. "Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime — which is not vulnerable — is installed."

The company is currently working on a fix for the vulnerability, the MSRC stated.

Microsoft has implemented a workaround for the vulnerability that can be automatically applied to affected Windows systems to "disable the parsing of QuickTime content in quartz.dll."


Posted by: Robert Lemos
Copyright 2009, SecurityFocus