Microsoft ‘MPEG2TuneRequest’ Object Vulnerability
Another remote execution issues found last July 6, 2009 regarding vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Meaning to say, an attacker can easily manipulate security settings of your computer by just using Internet Explorer. In other word, one possibility is you can be locked out from using your own desktop or laptop.
Microsoft issued a work around that will disable you from using the Microsoft Video ActiveX Control and will limit you from executing MPEG2 files.
According to Symantec, they are aware of an in-the-wild unpatched vulnerability affecting the ‘msvidctl.dll’ video streaming ActiveX control that could allow an attacker to take over a computer.
Any attackers may exploit this vulnerability by:
EMAILS – send a link to a malicious site via email
WEBSITE – can exploit the issue by enticing a user to visit a malicious site
INSTANT MESSAGE – send a link to a malicious site via instant messaging
FILE SHARING – distribute malicious documents via file-sharing applications
Use extra precaution are advise.