Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

From Microsoft Security Advisory (971778):

Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable.

Related Software

DirectX 7.0 on Microsoft Windows 2000 Service Pack 4

DirectX 8.1 on Microsoft Windows 2000 Service Pack 4

DirectX 9.0* on Microsoft Windows 2000 Service Pack 4

DirectX 9.0* on Windows XP Service Pack 2 and Windows XP Service Pack 3

DirectX 9.0* on Windows XP Professional x64 Edition Service Pack 2

DirectX 9.0* on Windows Server 2003 Service Pack 2

DirectX 9.0* on Windows Server 2003 x64 Edition Service Pack 2

DirectX 9.0* on Windows Server 2003 with SP2 for Itanium-based Systems

*The information for DirectX 9.0 also applies to DirectX 9.0a, DirectX 9.0b, and DirectX 9.0c.

Non-affected software

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

No Windows 7 in that list, but since it is based on Vista I assume it is safe.

Here is the workaround for now; more details here: http://support.microsoft.com/kb/971778

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkeys in the registry:

    • For 32-bit Windows systems:

      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

    • For 64-bit Windows systems:

      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

     Note: By default, this will create a backup of this registry key in the My Documents folder.

  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
  6. Exit Registry Editor.
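
For administrators who need to apply the workaround to more than one machine, the same backup-then-delete steps can be scripted with reg.exe. This batch file is an added example, not part of the Microsoft advisory or KB article; the backup folder and the `_native` / `_wow64` file name suffixes are assumptions made here so the two keys on 64-bit systems get separate backups. Run it from an administrator account.

```bat
@echo off
rem Added example: scripted form of the manual registry workaround.
rem The key is deleted only after a backup export has succeeded.
setlocal

set "CLSID={D51BD5A0-7548-11CF-A520-0080C77EF58A}"
rem Assumption: backups go to a folder under the user profile.
set "BACKUPDIR=%USERPROFILE%\Quicktime_Parser_Backup"
if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem Key present on both 32-bit and 64-bit systems.
call :disable "HKCR\CLSID\%CLSID%" native
rem Second key exists only on 64-bit systems; skipped when absent.
call :disable "HKCR\Wow6432Node\CLSID\%CLSID%" wow64

endlocal
exit /b 0

:disable
rem %1 = registry key (quoted), %2 = suffix for the backup file name
set "BACKUP=%BACKUPDIR%\Quicktime_Parser_Backup_%2.reg"

reg query %1 >nul 2>&1
if errorlevel 1 (
    echo [skip] %~1 is not present
    goto :eof
)

rem Never overwrite an earlier backup; it may be the only good copy.
if exist "%BACKUP%" (
    echo [stop] %BACKUP% already exists, key left in place
    goto :eof
)

reg export %1 "%BACKUP%" >nul 2>&1
if errorlevel 1 (
    echo [fail] export of %~1 failed, key left in place
    goto :eof
)

reg delete %1 /f >nul 2>&1
if errorlevel 1 (
    echo [fail] could not delete %~1
) else (
    echo [done] removed %~1, backup saved to %BACKUP%
)
goto :eof
```

To undo the workaround later, import the saved .reg files with `reg import` or by double-clicking them.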