By Thomas Claburn July 7, 2009
Microsoft on Monday issued a security advisory about a zero-day vulnerability in the Microsoft Video ActiveX Control. The flaw could allow a remote unauthenticated attacker to execute malicious code on computers running Windows XP and Windows 2003 Server. "A browse-and-get-owned attack vector exists," acknowledged Microsoft security engineer Chengyun Chu on the company's Security Research & Defense blog. "A user needs to be lured to navigate to a malicious Web site or a compromised legitimate Web site to be affected. No further user interaction is needed." And legitimate Web sites may be compromised merely by hosting content submitted by users. Such content or advertisements could be crafted to exploit the Video ActiveX Control vulnerability.
Read more here -->Link
No comments:
Post a Comment