The DirectShow 0day is a high-risk 0day exploit, and the current outbreak began online last week. For the attack to work, the victim needs to use the Windows Media Player built into XP to play media files, which in turn triggers the internal flaw.
This is a client-side (IE) exploit, so visiting a malicious site will result in infection.
The attack code has the following characteristics:
(I've found the code on the http://**.****.cn website)
var appllaa='0';
myObject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';
Microsoft's advisory (from today) offers workarounds for the issue, including setting the kill bit for the ActiveX control.
The one known hotfix is to set a "kill bit" in the registry for the ActiveX component:
1. Create the following key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400
2. Create a dword value named "Compatibility Flags" and give it a value of 400 (hexadecimal).
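To confirm the workaround above actually took effect, the following added example (not from the original post or from Microsoft's advisory) reads the flags back and tests the kill bit. The helper name Test-KillBit and the extra Wow6432Node path, which is the view 32-bit IE reads on 64-bit Windows, are assumptions beyond what the post shows.

```powershell
# Added example: Test-KillBit is a hypothetical helper name, not a built-in cmdlet.
function Test-KillBit {
    param(
        [Parameter(Mandatory = $true)][string]$Clsid,
        # Assumption: also check the Wow6432Node view that 32-bit IE reads on
        # 64-bit Windows. Run from a 64-bit PowerShell so the two paths differ.
        [string[]]$Roots = @(
            'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
        )
    )
    $killBit = 0x400   # same bit as "Compatibility Flags"=dword:00000400
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present
        $key   = Join-Path $root $Clsid
        $flags = $null
        $hex   = $null
        $state = 'MissingKey'
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($null -eq $prop) {
                $state = 'MissingValue'
            } else {
                $flags = $prop.'Compatibility Flags'
                $hex   = '0x{0:X8}' -f $flags
                # Other flag bits may be set as well, so test the bit, not equality.
                $state = if ($flags -band $killBit) { 'KillBitSet' } else { 'KillBitNotSet' }
            }
        }
        New-Object PSObject -Property @{ Path = $key; Flags = $hex; State = $state }
    }
}

# CLSID taken from the post. Any State other than KillBitSet means the kill bit
# is not in effect for that registry view.
Test-KillBit -Clsid '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}' |
    Select-Object State, Flags, Path | Format-List
```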
Tuesday, July 7, 2009