ActiveX - DirectShow vulnerability

Here you can find everything you need to know about Dll-Files. You can also share your knowledge regarding the topic.

Moderators: DllAdmin, DLLADMIN ONLY

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

ActiveX - DirectShow vulnerability

Post by meb »

9X does contain a version providing the same type of functions
msvidctl.dll - 470.5kb

http://www.microsoft.com/technet/securi ... 72890.mspx

"
What is the Microsoft Video ActiveX Control?
The Microsoft Video Control object is a Microsoft ActiveX control that
connects Microsoft DirectShow filters for use in capturing, recording,
and playing video. It is the main component that Microsoft Windows Media
Center uses to build filter graphs for recording and playing television
video."

"

basicjay
Posts: 2
Joined: 06 Jul 2009, 23:00

RE: ActiveX - DirectShow vulnerability

Post by basicjay »

Question MEB,
Would this execute automatically or require user?

basicjay
Posts: 2
Joined: 06 Jul 2009, 23:00

RE: ActiveX - DirectShow vulnerability

Post by basicjay »

Would this execute automatically (if disabled on browser) or require user?

thanatoid
Posts: 58
Joined: 24 Mar 2009, 00:00

Re: ActiveX - DirectShow vulnerability

Post by thanatoid »

MEB <MEB-not-here@hotmail.com> wrote in
news:#04G73p$JHA.3612@TK2MSFTNGP04.phx.gbl:

<SNIP>

You know, it occurs to me that almost all of your security alert
posts (I am /not/ disputing their usefulness) can be totally
ignored by people who do /not/ use IE/OE/WMP, regardless of
their Windows version.

Isn't that right?

Aren't practically ALL MS "security" alerts/updates directly
related to those 3 programs (and MS Office stuff)?

--
Lots of theoretical butchers are alleged and other bloody eyes
are suitable, but will Pam secure that?

thanatoid
Posts: 58
Joined: 24 Mar 2009, 00:00

Re: ActiveX - DirectShow vulnerability

Post by thanatoid »

MEB <MEB-not-here@hotmail.com> wrote in
news:u3gsdSy$JHA.4376@TK2MSFTNGP04.phx.gbl:

> On 07/07/2009 12:36 PM, thanatoid wrote:
>> MEB<MEB-not-here@hotmail.com> wrote in
>> news:#04G73p$JHA.3612@TK2MSFTNGP04.phx.gbl:
>>
>> <SNIP>
>>
>> You know, it occurs to me that almost all of your security
>> alert posts (I am /not/ disputing their usefulness) can be
>> totally ignored by people who do /not/ use IE/OE/WMP,
>> regardless of their Windows version.
>>
>> Isn't that right?
>>
>> Aren't practically ALL MS "security" alerts/updates
>> directly related to those 3 programs (and MS Office
>> stuff)?
>>
>
> Another Yes and NO answer.

<SNIP> for space...

VERY well explained, thank you.


--
Lots of theoretical butchers are alleged and other bloody eyes
are suitable, but will Pam secure that?

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: ActiveX - DirectShow vulnerability

Post by meb »

On 07/07/2009 10:41 PM, thanatoid wrote:
> MEB<MEB-not-here@hotmail.com> wrote in
> news:u3gsdSy$JHA.4376@TK2MSFTNGP04.phx.gbl:
>
>> On 07/07/2009 12:36 PM, thanatoid wrote:
>>> MEB<MEB-not-here@hotmail.com> wrote in
>>> news:#04G73p$JHA.3612@TK2MSFTNGP04.phx.gbl:
>>>
>>> <SNIP>
>>>
>>> You know, it occurs to me that almost all of your security
>>> alert posts (I am /not/ disputing their usefulness) can be
>>> totally ignored by people who do /not/ use IE/OE/WMP,
>>> regardless of their Windows version.
>>>
>>> Isn't that right?
>>>
>>> Aren't practically ALL MS "security" alerts/updates
>>> directly related to those 3 programs (and MS Office
>>> stuff)?
>>>
>> Another Yes and NO answer.
>
> <SNIP> for space...
>
> VERY well explained, thank you.
>
>

Hope it helps others understand what needs understood/reviewed....

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: ActiveX - DirectShow vulnerability

Post by meb »

On 07/08/2009 12:21 AM, MEB wrote:
> On 07/07/2009 10:41 PM, thanatoid wrote:
>> MEB<MEB-not-here@hotmail.com> wrote in
>> news:u3gsdSy$JHA.4376@TK2MSFTNGP04.phx.gbl:
>>
>>> On 07/07/2009 12:36 PM, thanatoid wrote:
>>>> MEB<MEB-not-here@hotmail.com> wrote in
>>>> news:#04G73p$JHA.3612@TK2MSFTNGP04.phx.gbl:
>>>>
>>>> <SNIP>
>>>>
>>>> You know, it occurs to me that almost all of your security
>>>> alert posts (I am /not/ disputing their usefulness) can be
>>>> totally ignored by people who do /not/ use IE/OE/WMP,
>>>> regardless of their Windows version.
>>>>
>>>> Isn't that right?
>>>>
>>>> Aren't practically ALL MS "security" alerts/updates
>>>> directly related to those 3 programs (and MS Office
>>>> stuff)?
>>>>
>>> Another Yes and NO answer.
>>
>> <SNIP> for space...
>>
>> VERY well explained, thank you.
>>
>>
>
> Hope it helps others understand what needs understood/reviewed....
>

Just a FYI and BTW:

The attack has now been confirm in the wild [meaning out here].

Also the koobworm is now confirmed as found/spread on twitter...

What is meant by confirmed? It means it has appeared enough to be
considered as a real and grave threat, found by several people, and
cross-checked by others for valid activity.

The BTW:

Don't think mobile devices are immune from attack, there are several
new severe threats running rampant at the moment.

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______

jeff richards
Posts: 16
Joined: 24 Mar 2009, 00:00

Re: ActiveX - DirectShow vulnerability

Post by jeff richards »

"MEB" <MEB-not-here@hotmail.com> wrote in message
news:%236MJ%23xQAKHA.1208@TK2MSFTNGP03.phx.gbl...
> On 07/09/2009 09:48 PM, 98 Guy wrote:
>snip <
>>
>> The correct name is "koobface".
>
> Wrong.. the term koob"face" was invented when it affected FaceBook almost
> exclusively [it was called originally and inaccurately by some as The Koob
> FaceBook worm]. And that by a limited number of those who knew no better
> [desktop experts].

Hmmm. That would be yourself a month or so ago when you excitedly told us
all about "New variant of Koobface worm -change in tactics"

--
Jeff Richards
MS MVP (Windows - Shell/User)

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: ActiveX - DirectShow vulnerability

Post by meb »

On 07/16/2009 12:50 AM, Jeff Richards wrote:
> "MEB"<MEB-not-here@hotmail.com> wrote in message
> news:%236MJ%23xQAKHA.1208@TK2MSFTNGP03.phx.gbl...
>> On 07/09/2009 09:48 PM, 98 Guy wrote:
>> snip<
>>> The correct name is "koobface".
>> Wrong.. the term koob"face" was invented when it affected FaceBook almost
>> exclusively [it was called originally and inaccurately by some as The Koob
>> FaceBook worm]. And that by a limited number of those who knew no better
>> [desktop experts].
>
> Hmmm. That would be yourself a month or so ago when you excitedly told us
> all about "New variant of Koobface worm -change in tactics"
>

You might want to actually READ what you intend to comment on...

The short:

It gets modified,,, DUUUUHHHHHH...

I reported - and quoted FROM articles ... certainly you didn't limit
yourself to just those I presented, I'm sure you have an intense
interest in security issues and spent at least several more hours in
study... didn't you? And you DID spend at least a couple minutes looking
at the historical aspects, right??

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______

jeff richards
Posts: 16
Joined: 24 Mar 2009, 00:00

Re: ActiveX - DirectShow vulnerability

Post by jeff richards »

So do you count yourself amongst that "limited number of those who knew no
better [desktop experts]" or not? If you do, you may wish to restate your
response to the use of the term "koobface" in more measured terms. If you
don't, I would love to see the explanation of why not.
--
Jeff Richards
MS MVP (Windows - Shell/User)
"MEB" <MEB-not-here@hotmail.com> wrote in message
news:u2G3nddBKHA.1340@TK2MSFTNGP05.phx.gbl...
> On 07/16/2009 12:50 AM, Jeff Richards wrote:
>> "MEB"<MEB-not-here@hotmail.com> wrote in message
>> news:%236MJ%23xQAKHA.1208@TK2MSFTNGP03.phx.gbl...
>>> On 07/09/2009 09:48 PM, 98 Guy wrote:
>>> snip<
>>>> The correct name is "koobface".
>>> Wrong.. the term koob"face" was invented when it affected FaceBook
>>> almost
>>> exclusively [it was called originally and inaccurately by some as The
>>> Koob
>>> FaceBook worm]. And that by a limited number of those who knew no
>>> better
>>> [desktop experts].
>>
>> Hmmm. That would be yourself a month or so ago when you excitedly told
>> us
>> all about "New variant of Koobface worm -change in tactics"
>>
>
> You might want to actually READ what you intend to comment on...
>
> The short:
>
> It gets modified,,, DUUUUHHHHHH...
>
> I reported - and quoted FROM articles ... certainly you didn't limit
> yourself to just those I presented, I'm sure you have an intense interest
> in security issues and spent at least several more hours in study...
> didn't you? And you DID spend at least a couple minutes looking at the
> historical aspects, right??
>
> --
> ~
> --
> MEB
> http://peoplescounsel.org/ref/windows-main.htm
> Windows Diagnostics, Security, Networking
> http://peoplescounsel.org
> The *REAL WORLD* of Law, Justice, and Government
> _______
>
>

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: ActiveX - DirectShow vulnerability

Post by meb »

On 07/16/2009 04:44 AM, Jeff Richards wrote:
> So do you count yourself amongst that "limited number of those who knew no
> better [desktop experts]" or not? If you do, you may wish to restate your
> response to the use of the term "koobface" in more measured terms. If you
> don't, I would love to see the explanation of why not.

Let's make this a new discussion rather than one of those tacked on
ridiculous discussions parties such as yourself engage in.
Why don't you begin the discussion by explaining your depth of
security knowledge, the extent you have partaken in to inform the group
of potential issues, and why you chose this time period to post this
garbage.


I'll wait...

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: ActiveX - DirectShow vulnerability

Post by meb »

On 07/16/2009 08:05 AM, 98 Guy wrote:
> MEB wrote:
>
>> May 15th, 2009
>> 56th variant of the Koobface worm detected
>
> It's being called a worm, but it really isin't.
>
> The central definition of a worm is that it can spread itself from one
> PC directly to another without needing an intermediary host or server.
>
> Koobface, like the average trojan, requires a third PC to act as a
> server. People download and install koobface from these servers
> (believing them to be a video codec).
>
> Your use of the term or name "Koob worm" is therefore incorrect.

Then I would suggest you direct your complaint towards the parties in
control of the classification, data collection and dissemination by
providing them with your briefed arguments regarding the necessity to
change the classification and naming, and the standards applied, to suit
your definitions and desires.

Otherwise, you might want to stop being an idiot...

Personally I don't think either one of the above will occur.

--
~
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Diagnostics, Security, Networking
http://peoplescounsel.org
The *REAL WORLD* of Law, Justice, and Government
_______

jeff richards
Posts: 16
Joined: 24 Mar 2009, 00:00

Re: ActiveX - DirectShow vulnerability

Post by jeff richards »

I think you are deliberately misunderstanding my point.

In a prior post in this thread you used the term "koobworm". You got a
response telling you that the correct name was "koobface". Your response to
that correction included the comment "Wrong.. the term koob"face" was
invented when it affected FaceBook almost exclusively [it was called
originally and inaccurately by some as The Koob FaceBook worm]. And that by
a limited number of those who knew no better [desktop experts]."

I then noted that on May 21st you posted here a message with the subject
line "New variant of Koobface worm -change in tactics".
The worm was then about a year old and was up to 56 variants. It had been
detected (according the item quoted in your post) on at least eight social
networking sites. So it was not new, and it clearly was affecting much more
than FaceBook.

You will see that there is an anomaly here: on May 21st you are using the
term "Koobface" and on July 10th you are telling us that it is a term used
by "those who knew no better [desktop experts].". So I wondered whether you
counted yourself in that group or not, and if not why not. The
supplementary question would be, of course, why did you quote as an
apparently authoritative source an item that uses the term "Koobface" when
you now assert that use of that term suggests the person doesn't know what
they are talking about? Are your sources reliable or not?

That was the question I put and which you seem to be avoiding. The question
has nothing to do with my understanding of PC security.
--
Jeff Richards
MS MVP (Windows - Shell/User)
"MEB" <MEB-not-here@hotmail.com> wrote in message
news:eH7$JRkBKHA.5020@TK2MSFTNGP04.phx.gbl...
> On 07/16/2009 04:44 AM, Jeff Richards wrote:
>> So do you count yourself amongst that "limited number of those who knew
>> no
>> better [desktop experts]" or not? If you do, you may wish to restate
>> your
>> response to the use of the term "koobface" in more measured terms. If
>> you
>> don't, I would love to see the explanation of why not.
>
> Let's make this a new discussion rather than one of those tacked on
> ridiculous discussions parties such as yourself engage in.
> Why don't you begin the discussion by explaining your depth of security
> knowledge, the extent you have partaken in to inform the group of
> potential issues, and why you chose this time period to post this garbage.
>
>
> I'll wait...
>
> --
> ~
> --
> MEB
> http://peoplescounsel.org/ref/windows-main.htm
> Windows Diagnostics, Security, Networking
> http://peoplescounsel.org
> The *REAL WORLD* of Law, Justice, and Government
> _______
>
>

Post Reply