Your Ad Here Your Ad Here
Results 1 to 7 of 7

Thread: Microsoft warns of hole in Video ActiveX control

  1. #1
    Darth Sushi's Avatar Sushi Lord
    Join Date
    Sep 2002
    Location
    Corisant
    Posts
    5,813
    Microsoft warns of hole in Video ActiveX control

    by Elinor Mills, July 6, 2009 10:48 AM PDT

    " Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

    There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.

    This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files.

    Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under "Fix It For Me" in the Knowledge Base article for advisory number 972890 on the Microsoft support site.

    Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround.

    Microsoft is working on a security update and will release it when the quality is at the appropriate level for broad distribution, the company said.

    The Microsoft Video Control object is an ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. The control is the main component used in Windows Media Center for building filter graphs for recording and playing television video.

    When it is used in IE, the control can corrupt the system state in such a way that arbitrary code could be run by an attacker. If the user is logged in with administrative rights, the attacker could take complete control of the system.

    Antivirus vendor Symantec said it was seeing the flaw being exploited in China and other parts of Asia and cited reports that indicate thousands of Web sites are hosting the exploit.

    Internet Explorer versions 6 and 7 are at risk, but people running IE 8 are not vulnerable, Symantec said. "

    Source: http://news.cnet.com/8301-1009_3-10280141-83.html
    Last edited by Hairbautt; 07-07-2009 at 01:57 PM. Reason: added image.

  2. News (Archive)   -   #2
    iLOVENZB's Avatar FST Crew BT Rep: +1
    Join Date
    Sep 2008
    Location
    Land gurt by sea
    Posts
    9,192
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music"

  3. News (Archive)   -   #3
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    Quote Originally Posted by iLOVENZB View Post
    I don't understand what you're trying to say?
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  4. News (Archive)   -   #4
    vegasx's Avatar Poker Enthusiastic
    Join Date
    Jan 2008
    Location
    Hell
    Posts
    539
    Firefox wins yet again

  5. News (Archive)   -   #5
    mbucari1's Avatar Poster BT Rep: +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35BT Rep +35
    Join Date
    Jan 2007
    Age
    30
    Posts
    2,871
    IE by default asks if you want to run activeX apps, firefox just runs them. Yes, firefox may have a better protection against potentially harmful actins, but IE ASKS you if you want to run it. Nuff said.

  6. News (Archive)   -   #6
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    24,011
    Quote Originally Posted by mbucari1 View Post
    IE by default asks if you want to run activeX apps, firefox just runs them. Yes, firefox may have a better protection against potentially harmful actins, but IE ASKS you if you want to run it. Nuff said.
    Guess you've never heard of NoScript?

    "Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits"

    http://noscript.net/
    Last edited by SonsOfLiberty; 07-07-2009 at 06:07 PM.
    [center]

  7. News (Archive)   -   #7
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Quote Originally Posted by Hairbautt View Post
    Quote Originally Posted by iLOVENZB View Post
    I don't understand what you're trying to say?
    Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •