Alerts
Compromised Sites Leading To Microsoft Msvidctl Zero Day
Date:07.06.2009
Threat Type: Malicious Web Site / Malicious Code
Websense Security Labs™ ThreatSeeker™ Network is currently tracking legitimate sites that have been compromised to lead to a zero-day exploit targeting an Internet Explorer vulnerability. The compromised sites lead to a handful of payload sites hosting the exploit code which targets msvidctl.dll - an ActiveX control for streaming video.
The new zero-day exploit has been added to other exploits on Chinese payload sites. We have been monitoring these sites, which have been systematically injected throughout the last year.
Further information can be found at SecurityFocus who has assigned BID 35558 to this vulnerability. No vendor patch currently exists for this vulnerability.
Update: Since posting this Alert Microsoft have released information on this vulnerability in Microsoft Security Advisory 972890. Microsoft offer a work-around in Knowledge Base Article 972890.
ThreatSeeker is tracking this attack and we will provide updates as new information emerges.
Screenshot of malicious exploit code:
Websense® Messaging and Websense Web Security customers are protected against this attack.