Microsoft ‘MPEG2TuneRequest’ Object Vulnerability


Another remote execution issues found last July 6, 2009 regarding vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Meaning to say, an attacker can easily manipulate security settings of your computer by just using Internet Explorer. In other word, one possibility is you can be locked out from using your own desktop or laptop.

remotexec

Microsoft issued a work around that will disable you from using the Microsoft Video ActiveX Control and will limit you from executing MPEG2 files.

According to Symantec, they are aware of an in-the-wild unpatched vulnerability affecting the ‘msvidctl.dll’ video streaming ActiveX control that could allow an attacker to take over a computer.

Any attackers may exploit this vulnerability by:

EMAILS – send a link to a malicious site via email
WEBSITE – can exploit the issue by enticing a user to visit a malicious site
INSTANT MESSAGE – send a link to a malicious site via instant messaging
FILE SHARING – distribute malicious documents via file-sharing applications

Use extra precaution are advise.

Recommended Articles:

  1. Warning on Powerpoint attachements!
  2. OpenType Font Engine Could Allow Remote Code Execution
  3. Sneak Preview who will be the Qlick Dropper for March 2009
  4. March 2009 Qlick Dropper
  5. Blooth Tooth Hands-free Calling now on Cars
Be Sociable, Share!

Jhong Medina

Hi, I'm Jhong Medina, I'm your friendly neighborhood tech blogger. Please feel free to post your question in any of my topics. Hope you can join and share your ideas, too.

More Posts - Website - Twitter - Facebook


SocialTwist Tell-a-Friend

Switch to our mobile site

Posted in Information Technology, Qlick Solutions | 13 Comments »
  • http://zorlone.blogspot.com Zorlone

    Pretty scary news! I need to be more careful next time I download stuff.

    Z

  • http://qlickblogs.blogspot.com jhongmed

    I think I lost my comments when I installed DISQUS…

    • http://qlickblogs.blogspot.com jhongmed

      I found it already…

  • http://qlickblogs.blogspot.com jhongmed

    Doc Z,

    According to my source, some of the movies with virus are “Katrina and Hayden Kho's Scandals” and ” Maricar and Hyden Kho's Scandals” hehehehe. :P

    Just Kidding! Peace Doc!

  • http://qlickblogs.blogspot.com jhongmed

    I found it already…

  • http://www.reyjr.com reyjr

    Hi Jhong! Nakaka takot naman ito, baka may mga ganyang sa Twitter shortened links! boo!

    • http://qlickblogs.blogspot.com jhongmed

      Thanks for commenting @reyjr. I haven’t updated this, kasi been busy with my 8 hr job eh.

  • http://reyjr.blogspot.com reyjr

    Hi Jhong! Nakaka takot naman ito, baka may mga ganyang sa Twitter shortened links! boo!

  • http://qlickblogs.blogspot.com jhongmed

    Thanks for commenting @reyjr. I haven't updated this, kasi been busy with my 8 hr job eh.

  • http://www.reyjr.com reyjr

    Hi Jhong! Nakaka takot naman ito, baka may mga ganyang sa Twitter shortened links! boo!

  • http://qlickblogs.blogspot.com jhongmed

    Thanks for commenting @reyjr. I haven't updated this, kasi been busy with my 8 hr job eh.

  • http://www.currency.com.pk/pakistan-gold-and-silver-rates.html Gold Rates

    Didn’t knew about the remote I.P execution before that it could gain access to my PC and harm it, now I am aware of it so wont download a single video file ever. If in case its necessary to download I will take preventions.

  • http://qlickblogs.blogspot.com jhongmed

    Doc Z,

    According to my source, some of the movies with virus are “Katrina and Hayden Kho’s Scandals” and ” Maricar and Hyden Kho’s Scandals” hehehehe. :P

    Just Kidding! Peace Doc!