Home / bulletins MS09-028 - Critical: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) - Version:2.0
Posted on 20 August 2009
There is an newer version: MS09-028 - Version: 1.0
CriticalSeverity Rating: Critical - Revision Note: V2.0 (August 19, 2009): Bulletin updated to reflect that the update for DirectX 8.1 also applies to DirectX 8.1b.Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS09-028 - Version: 1.0
- MS09-028 - Version: 1.0
- MS09-028 - Version: 2.0
- MS09-028 - Version: 1.0
