SkyRecon Identifies Two Vulnerabilities in Windows DirectShow

Cranston, Rhode Island (PressExposure) July 18, 2009 -- A security breach exists when opening certain types of multimedia video files using Windows Media Player. Exploitation of these vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. This exploit can be accomplished locally or through the Internet, but only if the attacker persuades users to visit a malicious website that will be used to exploit the vulnerabilities.

An attacker who successfully exploited these vulnerabilities could have total control of a compromised system and gain the same user rights as the local user. He/she could then install programs; view, change, or delete data; and even create new accounts with full user rights. As a consequence, users whose accounts are configured to operate with administrative user rights would suffer more impact than users who have fewer user rights on the system.

Upon identification of the DirectShow vulnerabilities leading to a buffer overflow, engineers at SkyRecon confirmed that StormShield detects and blocks attacks targeting the Microsoft vulnerabilities without the need for patches.

StormShield ‘Protection against Overflow’ option simply has to be set to ‘Critical’ or ‘High’.

Organizations that rely only on perimeter security technologies are vulnerable to attack.

Securing endpoint using a Host-based Intrusion Prevention System (HIPS) is the only way to be protected against these attacks.

“Once again, StormShield’s efficiency and performance are proven. Our solution’s automatic protections block the attacks aiming at exploiting these vulnerabilities and secure our customers’ systems and data without the need for patches,” said Yann Torrent, Director of Research and Development at SkyRecon Systems, Inc. “On top of developing advanced endpoint security solutions, SkyRecon keeps on striving to provide Microsoft with information we uncover in order to help them in their drive to optimize the security of their operating systems and supporting applications. We were incidentally the first to work with Microsoft to make up for these vulnerabilities.”

The vulnerabilities affect Windows 2000 Service Pack 4, Windows XP and Windows Server 2003 operating systems. Windows Vista and Windows Server 2008 are not affected. More information regarding the vulnerabilities and Microsoft Security Bulletin can be found at:

-- Microsoft Security Bulletin MS09-028 – Critical vulnerabilities Accredited to Thomas Garnier, SkyRecon Systems

About StormShield Security Suite StormShield Security Suite is a unified endpoint security, data protection, and access control solution. It has been developed with the specific intention of bringing together the operational continuity requirements of the business and its IT systems, with the need to properly protect those operations using a single-sourced range of protection facilities.

About SkyRecon Systems Inc. Founded in 2003, SkyRecon Systems is a leading global provider of endpoint protection platforms. With its award-winning endpoint security solutions, organizations are able to ensure protection and enforce policy for endpoint systems, applications, data and users upon which their business relies. The company is a contributing member of the SecureIT Alliance, has received the prestigious Red Herring 100 Award, and has been named "Entrepreneurial Security Company of the Year” by Frost & Sullivan.

More information about SkyRecon can be obtained by visiting or by calling (877) 220-4178.

# # #

Press Contact: Sean Martin, CISSP (877) 220-4178

SkyRecon, the SkyRecon logo and StormShield are registered trademarks of SkyRecon Systems Inc. All other product or service names are the property of their respective owners.

About, Inc

200 Cannon St. Ste 138
Cranston, RI 02920

Press Release Source:,_Inc.html

Press Release Submitted On: July 17, 2009 at 5:47 pm
This article has been viewed 10258 time(s).