Secunia

Multiple vulnerabilities have been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.

1) An error in quartz.dll when processing QuickTime media files can be exploited to corrupt memory by writing a single NULL-byte to an arbitrary memory location.

NOTE: According to Microsoft, the vulnerability is currently being actively exploited.

2) An input validation error in quartz.dll when updating a pointer during parsing of an certain atom's NumberOfEntries field in a QuickTime media files can be exploited to corrupt memory.

3) An input validation error in quartz.dll when parsing certain atom length records in QuickTime media files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Reported as a 0-day.
2) The vendor credits Yamata Li, Palo Alto Networks.
3) Independently reported by:
* An anonymous person via ZDI.
* Aaron Portnoy, TippingPoint DVLabs.
* Thomas Garnier, SkyRecon.
* Yamata Li, Palo Alto Networks.

Changelog
Further details available in Customer Area

Original Advisory
MS09-028 (KB971633):
http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx

Microsoft (KB971778):
http://www.microsoft.com/technet/security/advisory/971778.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-045/

TippingPoint DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-09-05

Deep Links
Links available in Customer Area