Microsoft have recently announced a Microsoft DirectShow vulnerability via an advisory and multiple blog entries. The advisory indicates that Microsoft are investigating public reports of a vulnerability within the DirectShow element of DirectX. CVE-2009-1537 has been allocated to this vulnerability.

Microsoft have published quite a detailed set of actions which provide a temporary workaround for this issue to prevent the download of a crafted QuickTime-formatted file. The following information has been posted: http://blogs.technet.com/msrc/default.aspx

In the advisory Microsoft have indicated that a patch will be produced for this but give no timescales. To reduce the potential risk you should consider the impact of applying the workaround versus the period of nil-protection whilst its MAPP/MSRA partners get definitions out for detection, etc.

SecurityFocus have reported that targeted exploits of this issue have been seen in the wild.
Stephen, May 28th 2009
Today, 01 Jun, 2009, Apple released QuickTime 7.6.2, which addresses a number of issues. I would infer from the Security Summary at http://support.apple.com/kb/HT3591 that CVE-2009-1537 is not whatsoever addressed, so this update will not help on the DirectShow issue. The ones listed in the .../kb/HT3591 article are (in order of listing):
CVE-2009-0188 CVE-2009-0951 CVE-2009-0952 CVE-2009-0010 CVE-2009-0953 CVE-2009-0954 CVE-2009-0185 CVE-2009-0955 CVE-2009-0956 CVE-2009-0957

/s/ BezantSoft
Anonymous, Jun 2nd 2009