MS.DirectX.MsVidCtl.ActiveX.Control

Name	MS.DirectX.MsVidCtl.ActiveX.Control.Access
Last Updated Date	Jul 13, 2009
Release Date	Jul 08, 2009
Severity	Critical
Impact	System Compromise: Remote attackers can gain control of vulnerable systems.
Description	This indicates an attack attempt against a buffer-overflow vulnerability in the Microsoft DirectShow. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code.
Affected Products	Microsoft DirectX
Recommended Actions	Apply patch, available from the web site:: http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx
Common Vulnerabilities and Exposures (CVE)	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0015
Microsoft Bulletin ID	MS09-037 http://www.microsoft.com/technet/security/Bulletin/ms09-037.mspx
Reference/s	http://www.securityfocus.com/bid/35558 (BugTraq) http://www.vupen.com/english/advisories/2009/1787 (FrSIRT) http://isc.sans.org/diary.html?storyid=6733 http://secunia.com/advisories/35683/ http://www.microsoft.com/technet/security/advisory/972890.mspx

Reference: VID-17565