The Windows 0day against DirectShow (msvidctl.dll) has been moving like wildfire the past 24 hours. I’m only going to blitz a few links on this topic:
Metasploit has a module ready for it (can’t link while at work).
POC exploit that pops up calc.exe
another POC
A couple bits of yoinked code. I don’t recommend running these as they are both taken from live sites hosting bad stuff (the links here are just fine though!):
http://en.securitylab.ru/poc/extra/382195.php
http://4lt4l.blogspot.com/2009/07/directshow-0day-in-wild.html