There's a vulnerability in Microsoft's DirectShow (DirectX). It affects Windows 2000 / XP / Server 2003.



The vulnerability exploits quartz.dll QuickTime parsing. However, you don't have to have QuickTime installed.



Microsoft has some workarounds to offer.



See Microsoft Security Advisory 971778 for details.



Microsoft is currently reporting limited use against this vulnerability in the wild.

Update: Microsoft has published a "Fix It" tool that automates the registry changes.

Note: Our Exploit Shield technology — which is integrated into our Internet Security Technology Preview — heuristically blocks this vulnerability from being exploited.