A vulnerability has been found in the msvidctl component of Microsoft DirectShow. According to CSIS, the vulnerability is actively being exploited through drive-by attacks using thousands of newly compromised web sites.
There isn't a patch available for the vulnerability yet. As a workaround, the vulnerable msvidctl.dll component can be stopped from running in Internet Explorer by setting a kill bit for it using the following registry fix (it's recommended to always back up the registry before making any modifications to it):
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400
More information:
Sans
SecurityFocus
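To confirm that the registry fix above actually took effect on a host, the following PowerShell check is an added example and not part of the original post. It tests the 0x400 bit of Compatibility Flags instead of comparing the whole value, and it also inspects the Wow6432Node registry view; that extra path and the helper name Test-KillBit are assumptions of this example, not taken from the post.

```powershell
# Added example (not from the original post): confirm the msvidctl kill bit is set.
# Run from a 64-bit PowerShell on 64-bit Windows so both registry views are visible.
$clsid   = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'  # CLSID from the registry fix
$killBit = 0x400                                      # value written by the fix

$base  = 'Microsoft\Internet Explorer\ActiveX Compatibility'
$roots = @("HKLM:\SOFTWARE\$base")
# Assumption beyond the post: 32-bit Internet Explorer on 64-bit Windows reads
# the Wow6432Node view, so the kill bit has to be present there as well.
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $roots += "HKLM:\SOFTWARE\Wow6432Node\$base"
}

# Test-KillBit is a hypothetical helper name used only in this example.
function Test-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Mask)

    $key   = Join-Path -Path $Root -ChildPath $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item -and $item.PSObject.Properties['Compatibility Flags']) {
            $flags = [int]$item.'Compatibility Flags'
        }
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'missing' }
        # Test the bit, not equality: other compatibility flags may also be set.
        KillBitSet = ($null -ne $flags) -and (($flags -band $Mask) -eq $Mask)
    }
}

$results = foreach ($root in $roots) {
    Test-KillBit -Root $root -Clsid $clsid -Mask $killBit
}
$results | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a compliance job flag hosts where the workaround is missing.
if ($results.KillBitSet -contains $false) { exit 1 }
```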
Monday, July 6, 2009