The Windows 0day against DirectShow (msvidctl.dll) has been moving like wildfire the past 24 hours. I'm only going to blitz a few links on this topic:
Metasploit has a module ready for it (can't link while at work).
POC exploit that pops up calc.exe
A couple bits of yoinked code. I don't recommend running these as they are both taken from live sites hosting bad stuff (the links here are just fine though!):
by michael 07.07.09 at 11:26 AM in /general