Be careful on downloading video files…

Microsoft ‘MPEG2TuneRequest’ Object Vulnerability


Another remote execution issues found last July 6, 2009 regarding vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Meaning to say, an attacker can easily manipulate security settings of your computer by just using Internet Explorer. In other word, one possibility is you can be locked out from using your own desktop or laptop.

remotexec

Microsoft issued a work around that will disable you from using the Microsoft Video ActiveX Control and will limit you from executing MPEG2 files.

According to Symantec, they are aware of an in-the-wild unpatched vulnerability affecting the ‘msvidctl.dll’ video streaming ActiveX control that could allow an attacker to take over a computer.

Any attackers may exploit this vulnerability by:

EMAILS – send a link to a malicious site via email
WEBSITE – can exploit the issue by enticing a user to visit a malicious site
INSTANT MESSAGE – send a link to a malicious site via instant messaging
FILE SHARING – distribute malicious documents via file-sharing applications

Use extra precaution are advise.

14 thoughts on “Be careful on downloading video files…”

  1. Doc Z,

    According to my source, some of the movies with virus are “Katrina and Hayden Kho's Scandals” and ” Maricar and Hyden Kho's Scandals” hehehehe. 😛

    Just Kidding! Peace Doc!

    Reply
  2. Didn’t knew about the remote I.P execution before that it could gain access to my PC and harm it, now I am aware of it so wont download a single video file ever. If in case its necessary to download I will take preventions.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.