DIRECTSHOW, a framework for playing various media types, is being exploited in the wild in older versions of Windows, Microsoft has warned.
In a statement, the Vole said that the attacks use malicious QuickTime media files and can lead to remote code execution in the context of the logged-in user.
There is no patch for the vulnerability yet, but Microsoft has created a workaround registry script that you can download and run from Knowledge Base Article 971778.
The flaw is apparently in DirectShow versions 7, 8 and 9 in Windows 2000, Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008 and Windows 7 don't seem to have the problem. µ