A zero day vulnerability exploiting the DirectShow ActiveX object of Microsoft’s Internet Explorer (IE) has been targeting Windows XP and 2003 users through compromised websites.
The exploit code for the previously unknown vulnerability seems to originate from a series of servers mostly located in China, which redirects IE users from thousands of legitimate websites to ones containing a variety of harmful malware.
Microsoft said late yesterday in an advisory that it was aware of attempting to exploit the vulnerability. “An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” it stated. “When using Internet Explorer, code execution is remote and may not require any user intervention.”
It also said that while it was working to patch the exploit, IE7, Windows Server 2008 and Vista users were not affected, due to the fact that ActiveX objects are restricted by default.
Many security researchers have given the vulnerability the highest security rating. Haowei Ren and Geok Meng Ong said in their McAfee Avert Labs blog that the web exploit tool toolkit also sends a “cocktail of exploits,” including XMLhttp.d, RealPlay.a, BBar and MS06-014, as well as the zero-day MSDirectShow.b.
“Each of these exploits targets a different application that could be vulnerable – IE6 and 7, DirectShow ActiveX, RealPlayer, Baidu Toolbar, that can be accessed via the IE browser,” wrote the researchers.
Microsoft said, as a temporary fix, users could prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually or automatically using the solution detailed in a Microsoft Knowledge Base article, with no impact to application compatibility.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…