Finjan Blocks Zero-Day Attack on Microsoft Video ActiveX Control

Cybercriminals are targeting yet another vulnerability in Microsoft product – the Microsoft Video ActiveX Control.

The zero-day vulnerability that was found can be exploited via a malformed Web page.

The attack, that was already spotted in the wild, enables remote code execution (RCE) on the targeted machine.

By exploiting this vulnerability cybercriminals are inserting a data-stealing Trojan to the victim’s machine.

For more information about this zero-day attack and a snapshot of the actual code visit Finjan’s blog at http://www.finjan.com/MCRCblog.aspx?EntryId=2300

Microsoft has just released an Advisory about this vulnerability: http://www.microsoft.com/technet/security/advisory/972890.mspx

Microsoft is currently working to develop a security update for Windows to address this vulnerability.

Web security products utilizing real-time code analysis technologies are the preferred solution to block such 0-day attacks.

Yuval Ben-Itzhak, Finjan CTO explains, “Finjan customers are protected from this zero-day attack as Finjan’s Vital Security Web Gateway is able to detect the exploit and block the attack without prior knowledge of the specific technique.”

Story link: Finjan Blocks Zero-Day Attack on Microsoft Video ActiveX Control