Microsoft Video ActiveX Vulnerability Compromises Windows Systems

A 0Day vulnerability within an Internet Explorer component that handles Video is being actively exploited on masse to compromise Windows XP and Windows 2003 systems running Internet Explorer 6 and 7. Internet Explorer 8 is however understood not to be vulnerable.

Although Internet Explorer 7 on other Windows versions is vulnerable, on Windows Vista and Windows 2008 it is not vulnerable.  

The Microsoft video streaming ActiveX control (MsVidCtl) has an unpatched vulnerability, this control is used to provide TV Tuner support. Successful exploitation of the issue can allow arbitrary code to run when a malicious website is visited. The associated program ID for the control is 'BDATuner.MPEG2TuneRequest.1' and the CLSID is:

0955AC62-BF2E-4CBA-A2B9-A63F772D46CF

When a crafted file is provided to the 'data' parameter of the ActiveX control object, the issue is triggered in the 'msvidctl.dll' file and the attacker can then execute arbitrary code within the context of the current user. 

The issue is being wildly exploited and Microsoft have published an advisory here for the issue. Initial attacks where concentrated around compromised systems in China, however it is understood that sites globally are being compromised to host the exploit for triggering 'Drive-by' style compromises of visitors. Microsoft included with their advisory a workaround for the issue that will help mitigate the issue until they release a patch. This vulnerability is also unrelated to previously released DirectShow vulnerabilities uncovered in May 2009.