News
Contributed by: Eglė
Date: July 8, 2009
Now, let me describe what an ActiveX control is, for those of you who are not aware of it. ActiveX is a framework for defining reusable software components, known as controls. They carry out a particular function or a set of functions in Microsoft Windows in a way that is independent of the programming language used to implement them. A software application can then be built from one or more of these components in order to provide its functionality.

Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming video". It is provided by msvidctl.dll. This component exposes a lot of Class Identifiers (CLSIDs) that are marked as Safe for Scripting and Safe for Initialization, which means that they can be used by Internet Explorer. The ActiveX controls offered by msvidctl.dll do not properly handle file input, which can lead to stack memory corruption. This allows the Structured Exception Handler (SEH) to be overwritten, thus enabling subversion of the program execution flow.
Table 1. Some versions of Microsoft Windows which may be vulnerable

If a user is persuaded to view a specially crafted HTML document (a web page or an HTML email message or attachment), an attacker could exploit the vulnerability to execute arbitrary code with the same privileges as the local user. When using Internet Explorer, code execution is remote and might not need any user intervention.

This particular vulnerability affects many versions of Microsoft Windows. Some versions of Windows Server are affected as well. Some of the files of Windows Server 2003 may include but are not limited to the following: ialmnt5.sys, ialmkchw.sys, p3admin.dll, ql2300.sys, WMSServerConfig.exe, WMSServerResourceRES.dll, WMSSrvMk.dll.

Unquestionably, after reading through this article, some of you could be confused and ask: what can I do? How can I fix this vulnerability and avoid such a security issue? I would be so glad to tell you that it has been patched, but unfortunately there is no solution to this particular vulnerability at the moment. What you can do is disable the vulnerable ActiveX controls or disable ActiveX. At present, Microsoft is working to develop a security update for Windows to address this vulnerability. It is going to issue the update when it has reached an appropriate level of quality for broad distribution.
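Disabling an individual ActiveX control in Internet Explorer is normally done by setting its "kill bit" (the 0x400 bit of the `Compatibility Flags` registry value under the control's CLSID). The script below is an added example, not part of the original article or any Microsoft tool; the CLSID in it is a placeholder to be replaced with the CLSIDs from the vendor advisory, and the helper names are hypothetical.

```powershell
# Added example: audit (default) or set (-Apply) the IE kill bit per CLSID.
param([switch]$Apply)

$KillBit = 0x400                       # "do not load in IE" compatibility flag
$ValName = 'Compatibility Flags'
# PLACEHOLDER CLSID: replace with the CLSIDs listed in the vendor advisory.
$Clsids  = @('{00000000-0000-0000-0000-000000000000}')

$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    # 32-bit Internet Explorer on 64-bit Windows reads this copy.
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {            # hypothetical helper name
    param([string]$Root, [string]$Clsid)
    $key = "$Root\$Clsid"
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key -Name $ValName -ErrorAction SilentlyContinue
        if ($p) { $flags = $p.$ValName }
    }
    [pscustomobject]@{ Key = $key; Flags = $flags; Killed = (($flags -band $KillBit) -ne 0) }
}

function Set-KillBit {                 # hypothetical helper name
    param([string]$Root, [string]$Clsid)
    $state = Get-KillBitState $Root $Clsid
    if ($state.Killed) { return $state }
    if (-not (Test-Path -LiteralPath $state.Key)) {
        New-Item -Path $state.Key -Force | Out-Null
    }
    # OR the bit in so any other compatibility flags already set are preserved.
    $new = $state.Flags -bor $KillBit
    New-ItemProperty -LiteralPath $state.Key -Name $ValName -PropertyType DWord -Value $new -Force | Out-Null
    Get-KillBitState $Root $Clsid
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        if ($Apply) { Set-KillBit $root $clsid } else { Get-KillBitState $root $clsid }
    }
}
```

Run without arguments to report the current state of each key; `-Apply` needs an elevated prompt because it writes under HKLM.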

I have very important but regrettably sad news regarding the online computer world. What I want to announce is that the world of computer security has been shaken up again! After a number of various vulnerabilities reported in ActiveX controls a while ago, a new one has appeared. This time a harmful stack buffer overflow vulnerability was discovered in the 