Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

msvidctlmpeg2.rb Microsoft DirectShow msvidctl.dll MPEG-2 Memory Corruption exploit for the Metasploit Framework Tested successfully on the following platforms fully patched 06/07/09: - Internet Explorer 6, Windows XP SP2 - Internet Explorer 7, Windows XP SP3 Original exploit was found in-the-wil...

Researcher Shows Killbit is No Defense on MsVidCtl Flaw

Ryan Smith, one of the researchers who found the bug in the Microsoft MsVidCtl DLL that the vendor is rushing to patch this week, has posted a short video demonstration of a technique that bypasses the stop-gap solution of preventing the vulnerable ActiveX control from loading. In the demo, Smith...

Microsoft Response on MsVidCtl Flaw Was Lacking

Microsoft has expended a massive amount of time, energy and money in the last few years to improve both the quality of its software and the speed and efficiency of its security response process. It has succeeded in large part on both counts, especially on the security and reliability of its...

Microsoft to Release Patches for Two Video Control Flaws

Microsoft’s July Patch Tuesday release will include a fix for the DirectShow vulnerability that was revealed in May, and the software giant said it likely will also have a patch available for a related flaw in the MsVidCtl ActiveX control that became public earlier this week and has been under...

How to Protect Against the MSVidCtl Vulnerability

The ongoing exploitation of the vulnerability in an ActiveX control used by Internet Explorer has created a dangerous situation, as there is no patch yet for the MSVidCtl.dll vulnerability. However, there are several steps you can take to protect yourself against attacks. Microsoft has released a...