Microsoft Windows Knowledge Base Article 961373 update is not installed (WinMs09kb961373Update)

Vuln ID: 49560
Risk Level: High risk vulnerability  High WinMs09kb961373Update
Platforms: Microsoft DirectX: 8.1, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft DirectX: 9.0, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows XP: SP3
Description:

Microsoft Knowledge Base Article 961373 is not installed, which could allow a remote attacker to exploit the following vulnerability:

Microsoft DirectShow, which is part of Microsoft DirectX, could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of specially-crafted compressed files. By persuading a victim to open a specially-crafted MJPEG file, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-011. See References.
False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

IBM Internet Security Systems X-Force Database
Microsoft DirectShow MJPEG code execution
http://xforce.iss.net/xforce/xfdb/49559

ISS X-Force
Microsoft Windows Knowledge Base Article 961373 update is not installed
http://www.iss.net/security_center/static/49560.php

CVE CVE-2009-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0084
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures