Vulnerability in Microsoft ActiveX Control Could Allow Remote Code Execution

by Klaus on July 8, 2009

in Browsers

Yesterday Microsoft announced that they are investigating a privately reported vulnerability in Microsoft Video ActiveX Control. If an attacker success in exploiting this vulnerability, he could gain the same rights as the local user. And now to the “sad” (and some what expected) part: When using Internet Explorer it could all happen without you knowing it, it’s done remote and does not require any user intervention.

Microsoft recommends that Windows XP and Windows Server 2003 customers remove support for this ActiveX Control within Internet Explorer. Though unaffected, they also recommend that Windows Vista and Windows Server 2008 customers apply the same measures.

Visit the Workaround section in Microsoft KB#972890 for more information on how to remove support for the ActiveX Control.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.

Until then, you might want to check out alternatives such as Mozilla Firefox, Google Chrome or Apple Safari.

Comments & Leave a Comment

comments

{ 1 comment… read it below or add one }

rijans January 11, 2011 at 07:31

Vulnerability is the main resource of hackers. Software firms should care about it.
rijans recently posted… How to Completely Block Any Website in a Windows Computer

Reply

 
Cancel reply

Leave a Comment

CommentLuv badge

Previous post:

Next post: