
Hackers exploit second DirectShow zero-day using thousands of hijacked sites

Posted by deepquest on July 8, 2009 – 10:48 pm

Thousands of legitimate Web sites hacked over the weekend are launching drive-by attacks using an exploit of a second critical unpatched vulnerability in Windows’ DirectShow component, a Danish security company said today. According to CSIS Security Group, the bug is in an ActiveX control, the “msvidctl.dll” file, that streams video content.

“CSIS has captured more systematic drive-by attacks exploiting a vulnerability in Microsoft DirectShow,” the company warned on its Web site. “Thousands of Web sites have been compromised over the weekend and malicious script has been insert[ed],” it added (Google Translate translation).

The script re-routes users to a malicious site, which in turn downloads and launches a multi-exploit hacker toolkit that includes the DirectShow attack code. DirectShow is a part of Windows’ DirectX graphics infrastructure.

Windows 2000, XP and Server 2003 are all vulnerable to attack, CSIS said.

Another Danish security firm, Copenhagen-based Secunia, ranked the vulnerability as “Extremely critical,” its highest threat rating. Secunia had no additional information about the bug, however.

This newly-exploited vulnerability is the second unpatched DirectShow bug to surface in the last five weeks. In late May, Microsoft issued a security advisory that reported hackers were exploiting a different DirectShow bug, this one in its QuickTime media parser. A week ago, Symantec said that attack code for the QuickTime parser vulnerability had been added to a multi-exploit toolkit, and that users should expect more attacks.

Hackers have been using the QuickTime parser bug since May, Microsoft has acknowledged.

more from Computer World
