Although Microsoft has not spelled out exactly what it will patch with the two "out-of-band" updates, the term for security updates released outside the company's once-a-month schedule, earlier this month researchers pointed fingers at the Active Template Library (ATL), a code "library" used not only by Microsoft's own developers, but also by third-party software programmers to access some features within Windows.
Two German researchers; Thomas Dullien, the CEO and head of research at Zynamics GmbH, and Dennis Elser -- dug into the bug within the ActiveX control, the "msvidctl.dll" file, that streams video content. They found that it stemmed from a simple programming mistake in a function called "ATL::CComVariant::ReadFromStream."
The link for this article located at CSO Online is no longer available.