sale-bubble sign-up-large

30% Savings on all Shared Hosting packages and billing cycles
Offer is valid for any shared hosting package & billing cycle including 1, 2 and 3 year accounts. Offer is limited to 1 per customer, is a one-time discount and for new accounts only. To take advantage of the offer use PROMO CODE: SAVE30 when placing your order.

Microsoft Video ActiveX Control Vulnerability

Monday, 06 July 2009 20:40

Blog - Security

National Cyber Alert System

Technical Cyber Security Alert TA09-187A

Microsoft Video ActiveX Control Vulnerability

 

 

Original release date: July 06, 2009

Source: US-CERT

Systems Affected

* Microsoft Windows XP

* Microsoft Windows Server 2003

 

Overview

 

An unpatched vulnerability in the Microsoft Video ActiveX control

is being used in attacks.

 

 

I. Description

 

Microsoft has released Security Advisory (972890) to describe

attacks on a vulnerability in the Microsoft Video ActiveX control.

Because no fix is currently available for this vulnerability,

please see the Security Advisory and US-CERT Vulnerability Note

VU#180513 for workarounds.

 

 

II. Impact

 

A remote, unauthenticated attacker could execute arbitrary code

with the privileges of the victim user.

 

 

III. Solution

 

Apply workarounds

Microsoft has provided workarounds for this vulnerability in

Security Advisory (972890). Additional details and workarounds are

provided in US-CERT Vulnerability Note VU#180513.

The most effective workaround for this vulnerability is to set kill

bits for the Microsoft Video ActiveX control, as outlined in the

documents noted above. Other workarounds include disabling

ActiveX, as specified in the Securing Your Web Browser document,

and upgrading to Internet Explorer 7 or later, which can help

mitigate the vulnerability with its ActiveX opt-in feature.

 

IV. References

 

* US-CERT Vulnerability Note VU#180513 -

<http://www.kb.cert.org/vuls/id/180513>

 

* Microsoft Security Advisory (972890) -

<http://www.microsoft.com/technet/security/advisory/972890.mspx>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

 


busy



Disclosure: Content posted to this site is in no way an endorsement for a product or service and may result in compensation from the vendor. Some content contained in this site is syndicated content.