Microsoft has warned of an Internet Explorer vulnerability involving its Video ActiveX Control that could let an attacker take control of a PC. Microsoft said the vulnerability affects Windows XP and Windows Server 2003.
It offered a workaround to the IE ActiveX hole that it said should also be used for Windows Vista and Windows Server 2008.
Microsoft has warned of a vulnerability in its Video ActiveX Control that affects Windows XP and Windows Server 2003. The software giant said there have been limited attacks exploiting the vulnerability.
The flaw could be exploited by a visit to a malicious Web site and allow an attacker to take control of a PC. Microsoft said it is working on a security update, and in the meantime advised that users prevent Microsoft Video ActiveX Control from running in Internet Explorer.
The steps to stop the control in IE are a bit complex, but Microsoft offers a "Fix it for me" option at http://support.microsoft.com/kb/972890.
Microsoft also recommends users of Windows Vista and Windows Server 2008 take these steps.
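To verify that the workaround is in place on a machine, an administrator can audit a registry export. The following is an added example, not code from the article or from Microsoft. It assumes the workaround sets the Internet Explorer kill bit (`Compatibility Flags` value 0x400 under the `ActiveX Compatibility` key) for each of the control's class identifiers. The CLSIDs and the sample export are constructed placeholders; take the real list from the Microsoft advisory.

```python
import re

KILL_BIT = 0x00000400  # Compatibility Flags bit that stops IE from instantiating a control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def parse_flags(reg_text):
    """Map CLSID (upper case, with braces) -> Compatibility Flags from .reg export text."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            parent, _, leaf = m.group(1).rpartition("\\")
            # Only keys directly under the ActiveX Compatibility key count.
            current = leaf.upper() if parent.upper() == BASE.upper() else None
            continue
        m = FLAGS_RE.match(line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags

def audit(reg_text, clsids):
    """Return {clsid: 'blocked' | 'no-kill-bit' | 'missing'} for the given CLSIDs."""
    flags = parse_flags(reg_text)
    result = {}
    for clsid in clsids:
        value = flags.get(clsid.upper())
        if value is None:
            result[clsid] = "missing"
        else:
            result[clsid] = "blocked" if value & KILL_BIT else "no-kill-bit"
    return result

# Constructed sample export; the CLSIDs are placeholders, not the control's real ones.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00800000
"""
PLACEHOLDER_CLSIDS = ["{00000000-0000-0000-0000-0000000000%s}" % s for s in ("A1", "a2", "A3")]

if __name__ == "__main__":
    for clsid, status in audit(SAMPLE, PLACEHOLDER_CLSIDS).items():
        print(clsid, status)
```

Any CLSID reported as `missing` or `no-kill-bit` means the control can still be loaded by Internet Explorer on that machine.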
The Microsoft Video ActiveX Control connects DirectShow filters for video and is used in Windows Media Center. When the control runs in Internet Explorer, it can corrupt the system so that an attacker can run arbitrary code.
Security vendor Symantec said the vulnerability affects IE6 and IE7, but not IE8.