Exploit published for Windows Media Encoder flaw
If you haven’t applied Microsoft’s MS08-053 security update, now might be a good time to hit that patch button.
Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we’ll soon see in-the-wild exploitation.
The exploit, available at Milw0rm.com, targets a critical flaw in the WMEX.DLL ActiveX control installed by the Windows Media Encoder 9 Series. This ActiveX control is marked as Safe for Scripting and can be exploited via the Internet Explorer browser.
From Microsoft’s bulletin:
- The vulnerability could allow remote code execution if a user views a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The bulletin is rated “critical” on supported/affected editions of Microsoft Windows 2000, Windows XP and Windows Vista. On Windows Server 2003 and Windows Server 2008, it carries a “moderate” severity rating.
[Source: zdnet]