Samo telegrafski,otkriven je sigurnostan propust u DirectX za XP i operativne sustave prije XP-a. Vista i W7 nisu ugrozeni
Sudeci prema napisu ovo nije nimali naivan propust pogotovo sto nije propust browsera vec samog OS-a odnosno DirectShow componente.
0-day Microsoft DirectX vulnerability discovered for XP
Microsoft warned yesterday that hackers are using QuickTime media files to exploit an unpatched 0-day vulnerability in DirectShow.
In a posting on Microsoft's security response center blog company officials confirmed the new vulnerability affects Microsoft DirectShow in Windows 2000, Windows XP and Windows Server 2003, under limited attack.
After initial investigation Microsoft have confirmed that the vulnerable code was removed as part of their work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.
An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn't a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow.
Link i workaround