Welcome to AppFail
You last visited: never

Welcome to AppFail

Posted on 2009-07-06

Apps Post ttackers compromised thousands of Web sites over the weekend to host code that exploits a previously unknown vulnerability in DirectShow, security experts said on Monday.

The attacks, first reported by Danish security researchers at CSIS Security Group, use a flaw in the way that Microsoft's Windows operating system handles TV tuner requests through an ActiveX control.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft stated in an advisory released on Monday. "When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability."

The code does not serve a useful purpose in Internet Explorer, so Microsoft recommended that users remove the ActiveX control from the browser.

A month ago, Microsoft warned of a different vulnerability in its DirectX multimedia library. A number of Chinese Web sites have posted the exploit for the code, according to the SANS Internet Storm Center.

Microsoft's advisory offers workarounds for the issue, including setting the killbit for the ActiveX control.

By: Michael Spencer

blog comments powered by Disqus

Cuiusvis hominis est errare; nullius nisi insipientis in errore perseverare - Any man can make a mistake; only a fool keeps making the same one.

Digg Proof Hosting
The key to surviving Digg and Slashdot is Infrastructure. You can't get it from a regular web host, it requires experience. The High Load Hosting Experts at ScaleEngine can make your site thrive, and avoid having your site featured on AppFail.

Cyber Security Alerts

Page Generated in 150ms