Microsoft Video ActiveX Control Vulnerability Exploited in the Wild
Article by George Norman
On 07 Jul 2009
A zero-day vulnerability affecting Microsoft Video ActiveX Control has been discovered in the wild over the last couple of days by several independent security companies. Microsoft has announced that it is aware of the problem and it is also aware of the fact that attacks in the wild attempting to exploit this vulnerability have been detected. Just to put things in perspective, if a person with malicious intent successfully exploits the Microsoft Video ActiveX Control vulnerability, then that person could gain the same user rights as the local user. If you are using Internet Explorer to browse the web, the attacker could perform remote code execution with no user intervention.

“We have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site. We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue,” explained Christopher Bud, on behalf of the Microsoft Security Response Center (MSRC).


According to MSRC Engineering team member Chengyun Chu, there is an attack vector where the user needs only visit a compromised site to get owned. The user would only have to be convinced to access a malicious web page, or a legitimate web page would have to be compromised – that is all, no other interaction is required. Until Microsoft issues a fix, there is only one workaround for this vulnerability: you have to set all kill-bits associated with the vulnerability.

“Kill-bit MPEG2TuneRequest ActiveX Control Object (CLSID 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF) is the workaround we recommend to mitigate the current attack in the wild. During the investigation, we identified that none of the ActiveX Control Objects hosted by msvidctl.dll are meant to be used in IE. Therefore, we recommend to kill-bit all of these controls as a defense-in-depth practice. The side effect is minimal,” explained Chengyun Chu.

The workaround mentioned above can also be applied automatically – just click here.
Microsoft Security Advisory 972890 can be viewed here.

Tags: Microsoft, MSRC, Video ActiveX Control Object, Vulnerability
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Microsoft Video ActiveX Control Vulnerability Exploited in the Wild
HTML Linking Code