Finjan Blocks New Zero-Day Attack on Microsoft Video ActiveX Control
July 2009 by Finjan
Cybercriminals are targeting yet another vulnerability in Microsoft product - the Microsoft Video ActiveX Control. The zero-day vulnerability that was found can be exploited via a malformed Web page.
The attack, that was already spotted in the wild, enables remote code execution (RCE) on the targeted machine. By exploiting this vulnerability cybercriminals are inserting a data-stealing Trojan to the victim’s machine .
Microsoft has just released an Advisory about this vulnerability: http://www.microsoft.com/technet/security/advisory/972890.mspx
Microsoft is currently working to develop a security update for Windows to address this vulnerability.
Web security products utilizing real-time code analysis technologies are the preferred solution to block such 0-day attacks. Yuval Ben-Itzhak, Finjan CTO explains, “Finjan customers are protected from this zero-day attack as Finjan’s Vital Security Web Gateway is able to detect the exploit and block the attack without prior knowledge of the specific technique.”