Microsoft Video ActiveX Control Vulnerability
- Microsoft Windows XP
- Microsoft Windows Server 2003
An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks.
A remote, unauthenticated attacker could execute arbitrary code with the privileges of the victim user.
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS09-032 for more details.
The most effective workaround for this vulnerability is to set kill bits for the Microsoft Video ActiveX control, as outlined in the documents noted above. Other workarounds include disabling ActiveX, as specified in the Securing Your Web Browser document, and upgrading to Internet Explorer 7 or later, which can help mitigate the vulnerability with its ActiveX opt-in feature.
- July 06, 2009: Initial release
- July 15, 2009: Updated