Tuesday, July 7, 2009

Vulnerable Microsoft's Video ActiveX Control Allows Remote Access [ 0-day attacks]

As made public on June 6, 2009, Microsoft's Video ActiveX Control has a remote code execution vulnerability: a malformed web page can trigger remote code execution on the target machine. Cybercriminals are using the vulnerability, which affects Microsoft DirectShow, to install a data-stealing trojan on target machines.

If the target user is using IE, an attacker could gain the local user's rights through the exploit without any user intervention. The cybercriminal only needs to persuade the victim to view the malformed web page, and the victim's machine is compromised.

Microsoft states it is aware of the vulnerability and suggests setting the kill bit for the MPEG2TuneRequest ActiveX Control Object (CLSID 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF) as the workaround to avoid the threat.
The defense it provides outweighs the minor side effects it causes.

To Avoid Threat
This kill bit can be applied automatically to your Windows machine by the "Microsoft Fix It" online utility provided by Microsoft at http://support.microsoft.com/kb/972890

Microsoft's Link : Enable The Fix || Workaround
Microsoft's Link : Disable The Fix || Workaround
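
To confirm the kill bit is actually in place after running the Fix It, or to set it by hand, the PowerShell script below audits the CLSID named above. It is an added example, not Microsoft's Fix It or code from the original post. It assumes the standard IE kill-bit location (`ActiveX Compatibility\{CLSID}`, `Compatibility Flags` = 0x400); the function names and the `-Apply` switch are hypothetical.

```powershell
# Added example: audit (and with -Apply, set) the IE kill bit for the CLSID in the post.
# Test-KillBit, Set-KillBit and -Apply are hypothetical names chosen for this example.
# Writing under HKLM requires an elevated (administrator) PowerShell session.
param([switch]$Apply)

$Clsid   = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'   # MPEG2TuneRequest, from the post
$KillBit = 0x400                                       # kill-bit value in "Compatibility Flags"
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads its own registry view:
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$KeyPath)
    $flags = (Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    # The control is blocked only when the 0x400 bit is present in the DWORD.
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$KeyPath)
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $current = (Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    # OR the bit in so any other compatibility flags already set are preserved.
    Set-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' `
        -Value ($current -bor $KillBit) -Type DWord
}

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # Wow6432Node is absent on 32-bit Windows
    $key = Join-Path $root $Clsid
    if ($Apply -and -not (Test-KillBit $key)) { Set-KillBit $key }
    # One result object per registry view, suitable for piping into a report.
    [pscustomobject]@{ Key = $key; KillBitSet = (Test-KillBit $key) }
}
```

Run without arguments it only reports; a `KillBitSet` of `False` in either registry view means IE in that view can still instantiate the control.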

Data 'bout Threat
The vulnerability can be exploited via any kind of HTML document: a website, an e-mail, etc. This vulnerability is not a risk if you are using Windows Vista.

967 Chinese websites were reported to be successively redirecting visitors to finally download a JPG file containing the exploit, detected by Trend Micro as JS_DLOADER.BD, which downloads another malware detected as WORM_KILLAV.AI. This malware disables and terminates AV processes, and drops other malware on the affected system.

Detailed Info from Microsoft
Security Advisory

1 comment:

  1. Here's a blog post about websites getting hacked and their owners blaming hosting providers - the thing is, anyone other than the hosting providers are to blame for these infections.

    http://www.wewatchyourwebsite.com/wordpress/?p=181
