Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008
Accepted Solution

Un-Patched Vulnerability Being Exploited In-The-Wild

On Thursday, July 02, 2009, Symantec became aware of a previously-un-known Vulnerability Affecting Microsoft Windows. This Issue Affects the msvidctl.dll Video Streaming ActiveX Control. Attackers can Exploit the Issue to Execute Arbitrary Code by Enticing a Vulnerable User to Visit a Malicious Web Site. This Issue is being Exploited in-the-Wild in Limited Attacks. Currently, we are not aware of any Patches for this Vulnerability.

Users are advised to:
- Use Caution while Accessing Un-Trusted Web Sites.
- Avoid following Web Links that Originate from Un-Known Sources.
- Consider setting the Kill-Bit on the associated CLSID.
- Deploy Script-Blocking Mechanisms in the Browser.
- Deploy Memory-Protection Schemes such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.

 

Message Edited by Floating_Red on 07-06-2009 05:13 PM
Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

On Monday, July 06, 2009, Microsoft Published a Security Advisory Discussing the Issue.

Microsoft Security Advisory (972890):
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/972890.mspx.

_______________________________________________________________

Further Information is Available in the following Vulnerability Alert:

Microsoft Windows 'BDATuner.MPEG2TuneRequest.1' Object Remote Code Execution Vulnerability: http://www.securityfocus.com/bid/35558.

 

 

Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

Another Unpatched Vulnerability is Being Massively Exploited via Internet Explorer: http://www.symantec.com/connect/blogs/another-unpatched-vulnerability-being-massively-exploited-inte....

 

 

Please be advised that currently, this Un-Patched Vulnerability is being Exploited Wide-spread In-The-Wild, and is no longer being Exploited in "Limited Attacks" as stated in Message 01.

 

Message Edited by Floating_Red on 07-07-2009 12:12 AM
Keylogger Crusher
Voyager10
Posts: 434
Registered: ‎05-03-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

http://blog.trendmicro.com/zero-day-microsoft-directshow-mpeg2tunerequest-exploit-leads-to-killav-ma...

 

 

Upon successful exploitation, the script downloads another malware detected as WORM_KILLAV.AI. This malware disables and terminates antivirus software processes, and drops other malware on the affected system.

 

 

As if we do not already have enough problems.

Rootkit Eradicator
Stu
Posts: 5,210
Registered: ‎04-08-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

Symantec is working very hard on this one. Good to hear.
"All that we are is the result of what we have thought"
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

Microsoft Internet Explorer Unpatched Vulnerability is Here… Norton Users Never Fear!: http://community.norton.com/t5/Norton-Protection-Blog/Microsoft-Internet-Explorer-Unpatched-Vulnerab....

 

Symantec Employee
John_Harrison
Posts: 49
Registered: ‎06-04-2008

Re: Un-Patched Vulnerability Being Exploited In-The-Wild

Thanks for posting the link to the blog and thanks for covering for the questions.

 

Thanks,
John

John Harrison, aka “Dr. Drive-By”
Symantec Security Technology and Response
Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

In-the-Wild DirectX, DirectShow and QuickTime Attacks

In-the-Wild DirectX, DirectShow and QuickTime Attacks: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=53902.

 

Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Un-Patched Vulnerability Affecting "Office Web Components"

Un-Patched Vulnerability Affecting "Office Web Components": http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=61122.

 

Rootkit Eradicator
Posts: 5,220
Registered: ‎05-30-2008

Re: In-the-Wild DirectX, DirectShow and QuickTime Attacks


Floating_Red wrote:

In-the-Wild DirectX, DirectShow and QuickTime Attacks: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=53902.

 


 

Microsoft Released a Security Update on Tuesday, July 14, 2009; please Click on the Web Link above for More Details.

 
