US-CERT: United States Computer Emergency Readiness Team
Cyber Security Alert SA09-187A
Microsoft Video ActiveX Control Vulnerability
Original release date: July 06, 2009Last revised: July 15, 2009
Source: US-CERT
Systems Affected
- Microsoft Windows XP
- Microsoft Windows Server 2003
Overview
A vulnerability in a Microsoft ActiveX control may allow an attacker to take control of your computer.
Solution
Apply Updates
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS09-032 for more details.
Apply workarounds
There is not currently a fix for this vulnerability, but there are steps you can take to minimize risk.
- Use the Fix It wizard for this vulnerability on Microsoft's Help and Support website.
- Disable ActiveX by following the instructions in the Securing Your Web Browser document.
- Upgrade to Internet Explorer 7 or later, which can help mitigate the vulnerability with its ActiveX opt-in feature.
Microsoft has provided additional, more technical workarounds for this vulnerability in Security Advisory (972890).
Description
In Security Advisory (972890), Microsoft describes a vulnerability in the Microsoft Video ActiveX control. An attacker could exploit this vulnerability by convincing a user to access a specially crafted website or HTML email message.
This vulnerability is not a risk if you are using Windows Vista.
References
- Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
- Microsoft Security Advisory (972890) - <http://www.microsoft.com/technet/security/advisory/972890.mspx>
- Microsoft Security Bulletin - <http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx>
Feedback can be directed to US-CERT.
Produced 2009 by US-CERT, a government organization. Terms of use
Revision History
July 06, 2009: Initial release
July 15, 2009: Updated Solution section with MS09-032
