Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

Article translations Article translations
Article ID: 971778 - View products that this article applies to.
Expand all | Collapse all

On This Page

Introduction

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/971778.mspx


To have us workaround the issue discussed in the security advisory for you, go to the "Fix it for me" section. To work around this problem yourself, go to the "Let me fix it myself" section.

Fix it for me

To implement the workaround that disables QuickTime parsing automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. In either scenario, click Run in the File Download dialog box, and follow the steps in the Fix it wizard.


Collapse this tableExpand this table
Enable workaroundDisable workaround
Fix this problem
Microsoft Fix it 50256
Fix this problem
Microsoft Fix it 50257


Note this wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note if you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.

Next, go to the "Did this fix the problem?" section.

Let me fix it myself

To implement the workaround that disables QuickTime parsing yourself, use one of the following methods:
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

Using the interactive method

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkeys in the registry:
    • For 32-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64 bit Windows Systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

    Note By default, this will create a backup of this registry key in the My Documents folder.
  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
  6. Exit Registry Editor.

Using a managed deployment script

  1. Create a backup copy of the registry keys by using a managed deployment script that contains the following text:
    • For 32-bit Windows systems:
      Regedit.exe /e Quicktime_Decoder_Backup.reg
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64 bit Windows Systems:
      Regedit.exe /e Quicktime_Decoder_Backup.reg
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} 
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  2. Copy the following text to a text file, and then save the file by using a .REG extension. For example, save the file as "Disable_Quicktime_Parser.reg":
    • For 32-bit Windows systems:
      Windows Registry Editor Version 5.00
      [-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
    • For 64 bit Windows Systems:
      Windows Registry Editor Version 5.00
      [-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
      [-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
  3. On the target computer, type the following command from an elevated command prompt to run the registry script:
    Regedit.exe /s Disable_Quicktime_Parser.reg

Impact of the workaround

QuickTime content playback will be disabled.

How to undo the workarounds

How to undo the interactive method
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. On the File menu, click Import.
  3. In the Import Registry File dialog box, select Quicktime_Parser_Backup.reg, and then click Open.
  4. Exit Registry Editor, and then restart the computer.
How to undo the managed deployment script
On the target computer, type the following command from an elevated command prompt to restore the original state:
Regedit.exe /s Quicktime_Parser_Backup.reg

Did this fix the problem?

Check whether the registry key is created or modified. If the registry key is created or modified, you are finished with this article. If the registry key is not created or modified, you can contact support.

Properties

Article ID: 971778 - Last Review: July 8, 2009 - Revision: 4.2
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
Keywords: 
kbmsifixme kbfixme kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbsurveynew kbregistry KB971778

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com