July 7, 2009

Hackers using ActiveX flaw for remote code execution

Security researchers warn on Video ActiveX Control vulnerability

By CBR Staff Writer

Potential cybercriminals have been found to be inserting a data-stealing Trojan onto PCs left vulnerable by a flaw in the Microsoft Video ActiveX Control, security experts have warned today.

The flaw, which was discovered yesterday by researchers in China and has since been confirmed by several authoritative security software vendors, enables remote code execution on targeted machines.

Finjan CTO Yuval Ben-Itzhak told us, “It stands as a zero-day attack until a patch is issued or a workaround is made, and it basically means that a hacker could take control of a remote PC by someone visiting a compromised web site.”

Some popular European music download and gaming sites are among those he said had already been compromised. “It is low volume at present, but we expect to see it increase in the coming weeks,” he said.

In a Security Advisory produced yesterday, Microsoft confirmed that a vulnerability in Microsoft Video ActiveX Control could indeed allow remote code execution. “An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” it said, adding that the company was aware of attacks attempting to exploit the vulnerability.

It said users could prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually or automatically, and that the company is currently working to develop a security update for Windows to address the vulnerability.

Machines that are running Windows Vista or Windows Server 2008 are not affected because the ability to pass data to this control within Internet Explorer has been restricted.


Ben-Itzhak said that the case demonstrates the value of having security systems like Finjan’s own that are set up to monitor and detect changes in content behaviour, rather than scanning for malware signatures. 

“Security products need to be able to block proactively, without any need for updates. Even when a patch becomes available, it can take money and time to deploy.”

Finjan’s Vital Security Web Gateway had been able to detect the exploit and block this particular attack without prior knowledge of the specific technique, he added.

