Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. From Microsoft Security Advisory (971778)
Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable
Related Software
DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0* on Microsoft Windows 2000 Service Pack 4
DirectX 9.0* on Windows XP Service Pack 2 and Windows XP Service Pack 3
DirectX 9.0* on Windows XP Professional x64 Edition Service Pack 2
DirectX 9.0* on Windows Server 2003 Service Pack 2
DirectX 9.0* on Windows Server 2003 x64 Edition Service Pack 2
DirectX 9.0* on Windows Server 2003 with SP2 for Itanium-based Systems
*The information for DirectX 9.0 also applies to DirectX 9.0a, DirectX 9.0b, and DirectX 9.0c.
Non affected software
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
No Windows 7 in that list but since it is based on Vista I assume it is safe
Here is the workaround for now, more details here: http://support.microsoft.com/kb/971778
- Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following subkeys in the registry:
For 32-bit Windows systems:
HKEY_CLASSES_ROOTCLSID{D51BD5A0-7548-11CF-A520-0080C77EF58A}
For 64 bit Windows Systems:
HKEY_CLASSES_ROOTCLSID{D51BD5A0-7548-11CF-A520-0080C77EF58A}
HKEY_CLASSES_ROOTWow6432NodeCLSID{D51BD5A0-7548-11CF-A520-0080C77EF58A}
- On the File menu, click Export.
In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save. Note By default, this will create a backup of this registry key in the My Documents folder.
- Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
- Exit Registry Editor.
Denis has been working with SQL Server since version 6.5. Although he worked as an ASP/JSP/ColdFusion developer before the dot com bust, he has been working exclusively as a database developer/architect since 2002. In addition to English, Denis is also fluent in Croatian and Dutch, but he can curse in many other languages and dialects (just ask the SQL optimizer) He lives in Princeton, NJ with his wife and three kids.
