MPEG2-BDATuningModelMPEG2TuneRequest exploits ** tsunami attack waves in China

Security vendor 360 in China had mentioned that lots of their country legitimate websites were compromised to host Microsoft MPEG2 0Day attack. Around 967 website and 7740 IP address were compromised according 360, and number visits still increasing above 150663. The target systems mainly on platform Windows XP version compare to Vista, Windows 2008 or Windows 7. Although this exploits has similarity to DirectShow and triggered through browsers. However, this exploit not require any media files to trigger execution and must prefered among attacker.

The exploit was disclosed in few security websites blog expecially in China but not in milw0rm or packetsecurity yet.

Exploits code can be obtain from:

http://xeye.us/blog/2009/07/microsoft-directshow-mpeg2tunerequest-stack-overflow-exploit/

Coming....i will share more on how from the legitimate website to malicious website.