QuickTime Vulnerability in DirectShow Discovered, Microsoft Announced
Article by George Norman
On 29 May 2009
Redmond-based software developer Microsoft has announced that there is a remote code execution vulnerability affecting its DirectShow Platform when parsing QuickTime files. What this means is that if a person with malicious intent gets you to open a specially crafted QuickTime media file, then said person could perform remote code execution. At this time Microsoft has identified active but limited attacks. It must be noted that no Vista OS version is affected, only Windows 2000 SP4, XP and Server 2003.

The Microsoft Security Response Center issued a statement on the subject: “We’ve just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue. Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.”

Advertising

The vulnerability is to be found in the QuickTime parser in Microsoft DirectShow. For the attacker to exploit it, then he would have to create a malicious QuickTime and then post it online or attach it to outgoing emails. This is not a browser flaw, it is a quartz.dll flaw – the attacker could set up a malicious web page that uses media playback plug-ins which would allow the malicious QuickTime file to access the quartz.dll vulnerability. If you receive a malicious QuickTime file via email and you open it via Windows Media Player, the vulnerability could be triggered this way also.

Available workarounds:
1. Disable QuickTime parsing in quartz.dll by deleting this key:
HKEY_CLASSES_ROOTCLSID{D51BD5A0-7548-11CF-A520-0080C77EF58A}
2. Kill-bit WMP ActiveX Control
Set the following registry key to apply the killbit:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{6BF52A52-394A-11D3-B153-00C04F79FAA6}]
"Compatibility Flags"=dword:00000400
3. Unregister/ACL quartz.dll

But according to the MSRC there is a simpler way to go about things: "we have found one workaround in particular that is simple and effective and protects against the vulnerability with limited impact. In fact, this particular workaround is simple enough that we’ve been able to give you a way to automatically implement the workaround with the click of a button. Our Customer Service and Support (CSS) group has a new capability called “ Fix it ” that can automatically apply simple solutions to your system. We’ve gone ahead and built a “Fix it” that implements the “Disable the parsing of QuickTime content in quartz.dll” registry change workaround. We have also built a "Fix it" that will undo the workaround automatically."

If you would like to read Microsoft’s Security Advisory 971778 “Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution”, you can do so here.
The Knowledge Base article with the simple Fix It workaround is availabe here .



Tags: Microsoft, QuickTime, Parsing, quartz.dll, security, DirectShow
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
By George Norman on 19 Jun 2017
Don’t worry. I’m not going to rehash all those facts that everyone already knows about Bill Gates, like how he got arrested for driving without a license, that he is a college dropout, and that he plans to give most of his fortune to charity.
By George Norman on 31 Jul 2017
Are people taking better care of their passwords, or have their password habits changed for the worse? To get an answer to that question, data loss prevention software company Digital Guardian surveyed a thousand people about their password security habits and found that...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
QuickTime Vulnerability in DirectShow Discovered, Microsoft Announced
HTML Linking Code