Posted on 2009-07-06

ttackers compromised thousands of Web sites over the weekend to host code that exploits a previously unknown vulnerability in DirectShow, security experts said on Monday.

The attacks, first reported by Danish security researchers at CSIS Security Group, use a flaw in the way that Microsoft's Windows operating system handles TV tuner requests through an ActiveX control.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft stated in an advisory released on Monday. "When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability."

The code does not serve a useful purpose in Internet Explorer, so Microsoft recommended that users remove the ActiveX control from the browser.

A month ago, Microsoft warned of a different vulnerability in its DirectX multimedia library. A number of Chinese Web sites have posted the exploit for the code, according to the SANS Internet Storm Center.

Microsoft's advisory offers workarounds for the issue, including setting the killbit for the ActiveX control.

By: Michael Spencer