Welcome to AppFail
You last visited: 2012-05-21

Got a Tip or Lead for us?

If you know of a site or app that has failed, tell us right away via PBJ, via Twitter or via this contact form. If we use your submission we'll attribute and link back to you.

Keep from sinking on the failboat

Keep your head above water by keeping on top of the latest failures. Follow us on Twitter or subscribe to our RSS feed

Twitter Feed

appfail: RT @allanjude: TechSNAP Episode 14 is live. Show starts in ~ 15 minutes. Watch live @ http://jblive.tv or catch up on old episodes @ htt ...
appfail: RT @allanjude: To reiterate @dropbox in bad, do not use: http://bit.ly/tsnap1 http://bit.ly/tsnap3 http://bit.ly/tsnap6 http://bit.ly/ts ...
appfail: RT @ChrisLAS: We're LIVE with TechSNAP: http://ping.fm/4692f First up it's the tech news of the week, then we jump into bitcoin & we hav ...
appfail: RT @allanjude: TechSNAP is about to go LIVE! Check it out http://jblive.tv/ - We have the news plus your questions answered and more.
appfail: RT @allanjude: TechSNAP will be live in 30 minutes! http://jblive.tv This week we talk about the DirectAdmin hack, more news from Sony, ...

Breaking Security news

Welcome to AppFail

Microsoft DirectX remote failure

Posted on 2009-07-06

ttackers compromised thousands of Web sites over the weekend to host code that exploits a previously unknown vulnerability in DirectShow, security experts said on Monday.

The attacks, first reported by Danish security researchers at CSIS Security Group, use a flaw in the way that Microsoft's Windows operating system handles TV tuner requests through an ActiveX control.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft stated in an advisory released on Monday. "When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability."

The code does not serve a useful purpose in Internet Explorer, so Microsoft recommended that users remove the ActiveX control from the browser.

A month ago, Microsoft warned of a different vulnerability in its DirectX multimedia library. A number of Chinese Web sites have posted the exploit for the code, according to the SANS Internet Storm Center.

Microsoft's advisory offers workarounds for the issue, including setting the killbit for the ActiveX control.

By: Michael Spencer

blog comments powered by Disqus

Cuiusvis hominis est errare; nullius nisi insipientis in errore perseverare - Any man can make a mistake; only a fool keeps making the same one.

Digg Proof Hosting
The key to surviving Digg and Slashdot is Infrastructure. You can't get it from a regular web host, it requires experience. The High Load Hosting Experts at ScaleEngine can make your site thrive, and avoid having your site featured on AppFail.

Cyber Security Alerts

Page Generated in 285ms