Microsoft DirectShow ActiveX Buffer Overflow exploit in the wild

Kyle — Mon, 06 Jul 2009 17:50:48 +0000

Be sure to check for patches and network security appliance definitions/signatures today, Microsoft has been reminded again of why people hate ActiveX; Secunia is reporting a nasty new DirectShow Buffer Overflow attack is in the wild. This one is very dangerous, as it exploits the built-in DirectShow control in Internet Explorer (msvidctl.dll) by using specially-crafted image content to create a boundary error and subsequently cause a stack-based buffer overflow allowing the attacker to execute arbitrary code on the compromised machine.

The worst part? It’s already being actively used by bad people. Although Secunia’s site currently shows Windows XP as the only OS vulnerable, I wouldn’t be surprised to see more versions of Windows tacked on in the near future.

More information can be found here.

Tags: ActiveX, activex buffer overflow, Advisory, attack, based buffer overflow, boundary, Buffer, buffer overflow attack, code, DirectShow, dll, image content, internet explorer, microsoft, microsoft directshow, msvidctl, network security appliance, Overflow, secunia, stack overflow

M32 Security » msvidctl

Microsoft DirectShow ActiveX Buffer Overflow exploit in the wild