Monday, July 6, 2009

0-Day Microsoft DirectShow

Today was all abuzz with news on a new 0-day exploit affecting the msvidctl.dll component of Microsoft DirectShow. The bug can be leveraged to run code on users' PCs if they are tricked into visiting a malicious website through Internet Explorer. The operative term being Internet Explorer. The internet is filled with pocs'. However if you are too lazy to search you can check out the carnal0wnage.attackresearch blog. Beware however, if your running Avast it may not like what it finds.

There is not currently a fix for this vulnerability,so in the mean time switch on over to FirefFox 3.5.

No comments:

Post a Comment