Un-Patched Vulnerability Being Exploited In-The-Wild

Floating_Red · ‎05-30-2008

On Thursday, July 02, 2009, symantec became aware of a previously-un-known Vulnerability Affecting Microsoft Windows. This Issue Affects the msvidctl.dll Video Streaming ActiveX Control. Attackers can Exploit the Issue to Execute Arbitrary Code by Enticing a Vulnerable User to Visit a Malicious Web Site. This Issue is being Exploited in-the-Wild in Limited Attacks. Currently, we are not aware of any Patches for this Vulnerability.

Users are advised to:
- Use Caution while Accessing Un-Trusted Web Sites.
- Avoid following Web Links that Originate from Un-Known Sources.
- Consider setting the Kill-Bit on the associated C.L.S.I.D..
- Deploy Script-Blocking Mechanisms in the Browser.
- Deploy Memory-Protection Schemes such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.

Message Edited by Floating_Red on 07-06-2009 05:13 PM

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Floating_Red · ‎05-30-2008

On Monday, July 06, 2009, Microsoft Published a Security Advisory Discussing the Issue.

Microsoft Security Advisory (972890):
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/972890.mspx.

_______________________________________________________________

Further Information is Available in the following Vulnerability Alert:

Microsoft Windows 'BDATuner.MPEG2TuneRequest.1' Object Remote Code Execution Vulnerability: http://www.securityfocus.com/bid/35558.

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Floating_Red · ‎05-30-2008

Another Unpatched Vulnerability is Being Massively Exploited via Internet Explorer: http://www.symantec.com/connect/blogs/another-unpatched-vulnerability-being-massively-exploited-inte....

Please be advised that currently, this Un-Patched Vulnerability is being Exploited Wide-spread In-The-Wild, and is no longer being Exploited in "Limited Attacks" as stated in Message 01.

Message Edited by Floating_Red on 07-07-2009 12:12 AM

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Voyager10 · ‎05-03-2008

http://blog.trendmicro.com/zero-day-microsoft-directshow-mpeg2tunerequest-exploit-leads-to-killav-ma...

Upon successful exploitation, the script downloads another malware detected as WORM_KILLAV.AI. This malware disables and terminates antivirus software processes, and drops other malware on the affected system.

as if we do not already have enough problems

Stu · ‎04-08-2008

Symantec is working very hard on this one. Good to hear

"All that we are is the result of what we have thought"

Floating_Red · ‎05-30-2008

Microsoft Internet Explorer Unpatched Vulnerability is Here… Norton Users Never Fear!: http://community.norton.com/t5/Norton-Protection-Blog/Microsoft-Internet-Explorer-Unpatched-Vulnerab....

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

John_Harrison · ‎06-04-2008

Thanks for posting the link to the blog and thanks for covering for the questions.

Thanks,
John

John Harrison, aka “Dr. Drive-By”
Symantec Security Technology and Response

Floating_Red · ‎05-30-2008

In-the-Wild DirectX, DirectShow and QuickTime Attacks: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=53902.

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Floating_Red · ‎05-30-2008

Un-Patched Vulnerability Affecting "Office Web Components": http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=61122.

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"

Floating_Red · ‎05-30-2008

Floating_Red wrote:
In-the-Wild DirectX, DirectShow and QuickTime Attacks: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=53902.

Microsoft Released a Security Update on Tuesday, July 14, 2009; please Click on the Web Link above for More Details.

Tuesday, June 18, 2013: The THREATCON was changed to Level 1: Normal | Targeted Attack Exploits Ichitaro Vulnerability | Tuesday, June 11, 2013: Microsoft "Patch Tuesday"