Microsoft has released security advisory 971778 indicating that it is investigating public reports of a vulnerability in DirectX. This vulnerability exists in the way Microsoft DirectShow handles QuickTime files and does not require Apple QuickTime to be installed on the system. By convincing a user to open a specially crafted QuickTime media file, a remote attacker may be able to execute arbitrary code. Additionally, the advisory indicates that Microsoft Windows 2000 Service Pack 4, Windows XP, and Server 2003 are vulnerable.

US-CERT encourages users and administrators to review Microsoft security advisory 971778 and apply the workarounds provided in the document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

Read more at: US-CERT Current Activity