This post was published 4 months 16 days ago.
It\'s is possible that the information within this article is now out of date or updated.

Microsoft has released a Security Advisory  about a vulnerability in Microsoft video ActiveX.

Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution

ctitanic (735 Posts) - Website | Twitter | Facebook

Working as IT Professional since 1994. IT Manager since 1999. Microsoft Most Valuable Professional in Tablet PC/UMPC since 2007. Owner/writer of www.ultramobilepc-tips.com . Published many articles in todoUMPC Magazine, www.todoUMPCmagazine.com, the first online magazine all about UMPCs. Maker of Tweaks2K2, a registry hacking tool for Pocket PC devices (www.tweaks2k2.com).