Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
Colombo
YEYE 3 in 1 Instant Coffee Mix 50 Sachet
Romeshka
Updated:
Today at 12:16 AM
Colombo
Red Hat Certified System Administrator (RHCSA) - RHEL 10
Sanjeewani95
Updated:
Friday at 7:43 PM
NURSING , CAREGIVER , HOTEL & BEAUTY COURSES
IVA Para Medical Campus
Updated:
Thursday at 9:24 AM
Handmade Character Soft Toys Peppa Pig Family
anil1961
Updated:
Jul 1, 2026
Ad icon
Video Content Creator
pramukag
Updated:
Jun 28, 2026
Electronics
Vehicles
Property
Search
Reply to thread
Forums
General
News
Microsoft warns of hole in Video ActiveX control
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="lkdood" data-source="post: 5109906" data-attributes="member: 92282"><p><strong>Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.</strong></p><p></p><p><strong> There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.</strong></p><p></p><p><strong> This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files. </strong></p><p><strong></strong></p><p><strong> Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under "Fix It For Me" in the Knowledge Base article for advisory number 972890 on the Microsoft support site.</strong></p><p></p><p><strong> Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround.</strong></p><p></p><p><strong> Microsoft is working on a security update and will release it when the quality is at the appropriate level for broad distribution, the company said.</strong></p><p><strong> The Microsoft Video Control object is an ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. The control is the main component used in Windows Media Center for building filter graphs for recording and playing television video.</strong></p><p></p><p><strong> When it is used in IE, the control can corrupt the system state in such a way that arbitrary code could be run by an attacker. If the user is logged in with administrative rights, the attacker could take complete control of the system.</strong></p><p></p><p><strong> Antivirus vendor Symantec said it was seeing the flaw being exploited in China and other parts of Asia and cited reports that indicate thousands of Web sites are hosting the exploit. </strong></p><p></p><p><strong> Internet Explorer versions 6 and 7 are at risk, but people running IE 8 are not vulnerable, Symantec said. </strong></p><p><strong></strong></p><p><a href="http://news.cnet.com/8301-1009_3-10280141-83.html" target="_blank"><img src="http://i32.tinypic.com/5ajdcm.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p><strong><img src="http://i.i.com.com/cnwk.1d/i/b.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></strong></p><p><strong></strong></p></blockquote><p></p>
[QUOTE="lkdood, post: 5109906, member: 92282"] [B]Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.[/B] [B] There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.[/B] [B] This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files. [/B] [B] Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under "Fix It For Me" in the Knowledge Base article for advisory number 972890 on the Microsoft support site.[/B] [B] Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround.[/B] [B] Microsoft is working on a security update and will release it when the quality is at the appropriate level for broad distribution, the company said.[/B] [B] The Microsoft Video Control object is an ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. The control is the main component used in Windows Media Center for building filter graphs for recording and playing television video.[/B] [B] When it is used in IE, the control can corrupt the system state in such a way that arbitrary code could be run by an attacker. If the user is logged in with administrative rights, the attacker could take complete control of the system.[/B] [B] Antivirus vendor Symantec said it was seeing the flaw being exploited in China and other parts of Asia and cited reports that indicate thousands of Web sites are hosting the exploit. [/B] [B] Internet Explorer versions 6 and 7 are at risk, but people running IE 8 are not vulnerable, Symantec said. [/B] [URL="http://news.cnet.com/8301-1009_3-10280141-83.html"][IMG]http://i32.tinypic.com/5ajdcm.jpg[/IMG][/URL] [B][IMG]http://i.i.com.com/cnwk.1d/i/b.gif[/IMG] [/B] [/QUOTE]
Insert quotes…
Verification
Payakata winadi keeyak tibeda?
Post reply
Top
Bottom