Thousands of legitimate Web sites hacked over the weekend are launching drive-by attacks using an exploit of a second critical unpatched vulnerability in Windows’ DirectShow component, a Danish security company said today.According to CSIS Security Group, the bug is in an ActiveX control, the “msvidctl.dll” file, that streams video content.<\/p>\n
“CSIS has captured more systematic drive-by attacks exploiting a vulnerability in Microsoft DirectShow,” the company warned on its Web site. “Thousands of Web sites have been compromised over the weekend and malicious script has been insert[ed],” it added (Google Translate translation<\/a>).<\/p>\n The script re-routes users to a malicious site, which in turn downloads and launches a multi-exploit hacker toolkit that includes the DirectShow attack code. DirectShow is a part of Windows’ DirectX graphics infrastructure.<\/p>\n Windows 2000, XP and Server 2003 are all vulnerable to attack, CSIS said.<\/p>\n Another Danish security firm, Copenhagen-based Secunia, ranked the vulnerability as\u00a0“Extremely critical,”<\/a> its highest threat rating. Secunia had no additional information about the bug, however.<\/p>\n This newly-exploited vulnerability is the second unpatched DirectShow bug to surface in the last five weeks. In late May, Microsoft issued a security advisory that reported\u00a0hackers were exploiting<\/a> a different DirectShow bug, this one in its QuickTime media parser. A week ago, Symantec said that attack code for the QuickTime parser vulnerability had been added to a multi-exploit toolkit, and that usersshould expect more attacks<\/a>.<\/p>\n Hackers have been using the QuickTime parser bug since May, Microsoft has acknowledged.<\/p>\n