Hackers using Active X flaw for remote code execution
Published:07-July-2009

By Kevin White

Security researchers warn on Video ActiveX Control vulnerability

Potential cybercriminals have been found to be inserting a data-stealing Trojan onto PCs left vulnerable by a flaw in the Microsoft Video ActiveX Control, security experts have warned today.

The discovery, which was made yesterday by researchers in China and since confirmed by several authoritative security software vendors, enables remote code execution on targeted machines.

Finjan CTO Yuval Ben-Itzhak told us, “It stands as a zero-day attack until a patch is issued or a workaround is made, and it basically means that a hacker could take control of a remote PC by someone visiting a compromised web site.”

Some popular European music download and gaming sites are among those he said had already been be comprised. “It is low volume at present, but we expect to see it increase in the coming weeks,” he said. 

(Editor's Note:  Low in volume?  Was that a pun considering it's music downloads that put users at risk?)

Continue Reading at CBR

Trojan, Video ActiveX, Zero-Day Attack, hacker, music download