In some of the multimedia MSRC bulletins that have been released there is a workaround listed about changing ACL’s on Quartz.dll. So, what exactly breaks when we ACL Quartz.dll?
Quartz.dll is a core component of the DirectShow framework. Originally a component of DirectX, DirectShow eventually took on a life of its own as multimedia recording and playback evolved. The DirectShow framework outlines a plug-in model for processing and managing an end to end content pipeline. Many applications have taken advantage of this pipeline. Some examples include Windows Media Player, Windows Media Encoder, Windows Movie-Maker, Window Media Center, as well as many third party multimedia applications such as video camera applications.
Therefore, after ACLing quartz.dll, applications that count on DirectShow functionality will not work properly. This could include, but is not limited to tasks such as audio/video capture and playback of multiple media types. For example, in Windows XP, DirectShow is used for playback of all file types in Windows Media Player. When Quartz.dll is ACLed, everything breaks: no file can be played back by Windows Media Player.
Things turn a little bit more complex in Windows Vista. Starting with Windows Vista, the playback experience has been redesigned to take advantage of new OS features. As such, ACL’ing quartz.dll will have the same overall impact as previously mentioned on apps that rely on DirectShow. However, some apps such as Windows Media Player that can also take advantage of these new OS features may still have some scenarios where content playback will work.
- Security Vulnerability Research & Defense Bloggers
*Postings are provided “AS IS” with no warranties, and confers no rights.*