Security Advisory: Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
July 6, 2009
A vulnerability in Microsoft Video ActiveX control could allow a hacker to remotely control a user’s PC without any user interaction. Microsoft Security Advisory (972890) states that an attacker could exploit this vulnerability by convincing a user to access a specially crafted website or HTML email message. This vulnerability is not a risk if you are using Windows Vista.
Approximately 967 Chinese websites are reported to be infected by a malicious script that takes users through successive redirections and finally downloads a JPG file containing the exploit, detected by Trend Micro as JS_DLOADER.BD.
Upon successful exploitation, the script downloads another piece of malware, detected as WORM_KILLAV.AI. This malware disables and terminates AV processes and drops other malware on the affected system.
Affected Software
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Recommended Actions
Make sure your Trend Micro security products are current (CPR 6.252.03 or higher). Trend Micro products with Web Reputation technology currently block malicious URLs associated with this exploit.
Trend Recommends
- Home & Home Office Products: Trend Micro Internet Security
- Small Business Products: Worry-Free Business Security Standard/Advanced and Hosted
- Medium Business/Enterprise: OfficeScan Client Server Edition

