Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 28th, 2009

Rigged QuickTime Media Files Exploit Unpatched Microsoft DirectX Vulnerability

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.

The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click “fix it” feature to enable the mitigation.

From the advisory:

Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable.

According to MSRC blog, the vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.

The vulnerable component was removed from Windows Vista and later operating systems but is still available for use in the Microsoft Windows 2000, Windows XP, and Windows Server 2003 operating systems.

Vulnerable Windows users should immediately consider disabling QuickTime parsing to thwart attackers. The article at provides fix-it button that automatically enables the workaround. It also provides detailed instructions on using a managed script deployment for Windows shops.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • QuickTime Crashing Zero-day Attack Code Published, Malicious Code Execution Possible
  • Apple QuickTime Multiple Remote Vulnerabilities
  • Zero-Day PowerPoint Vulnerability Spawns Trojan Attacks
  • Critical Flaws Patched By Apple in QuickTime 7.5 Update
  • Highly Critical Vulnerabilities In VLC Media Player

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Rigged QuickTime Media Files Exploit Unpatched Microsoft DirectX Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.