Microsoft Video ActiveX Control Vulnerability Exploited in the Wild

Article by George Norman (Cybersecurity Editor)

on 07 Jul 2009

A zero-day vulnerability affecting Microsoft Video ActiveX Control has been discovered in the wild over the last couple of days by several independent security companies. Microsoft has announced that it is aware of the problem and it is also aware of the fact that attacks in the wild attempting to exploit this vulnerability have been detected. Just to put things in perspective, if a person with malicious intent successfully exploits the Microsoft Video ActiveX Control vulnerability, then that person could gain the same user rights as the local user. If you are using Internet Explorer to browse the web, the attacker could perform remote code execution with no user intervention.

“We have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site. We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue,” explained Christopher Bud, on behalf of the Microsoft Security Response Center (MSRC).

According to MSRC Engineering team member Chengyun Chu, there is an attack vector where the user needs only visit a compromised site to get owned. The user would only have to be convinced to access a malicious web page, or a legitimate web page would have to be compromised – that is all, no other interaction is required. Until Microsoft issues a fix, there is only one workaround for this vulnerability: you have to set all kill-bits associated with the vulnerability.

“Kill-bit MPEG2TuneRequest ActiveX Control Object (CLSID 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF) is the workaround we recommend to mitigate the current attack in the wild. During the investigation, we identified that none of the ActiveX Control Objects hosted by msvidctl.dll are meant to be used in IE. Therefore, we recommend to kill-bit all of these controls as a defense-in-depth practice. The side effect is minimal,” explained Chengyun Chu.

The workaround mentioned above can also be applied automatically – just click here.
Microsoft Security Advisory 972890 can be viewed here.


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all