Heads up - new 0-day - AVG Blogs

July 06, 2009

Heads up - new 0-day

Hi folks,

A nifty new 0-day has appeared on multiple (mostly) Chinese sites overnight. It involves an ActiveX control called the Microsoft Streaming Video control. At this point, it seems to work _really_ well, so it's likely to become a staple of would-be exploitive websites for years to come. LinkScanner detects it just fine, and we may make extra releases to deal with variants over the next few days, so make sure you stay up to date.

We'll add more information here as we find more out.

Cheers

Roger

Please follow me on twitter

and, for support, please go here

Update #1

Hi folks,

Just a quick note to tell you that the exploit is indeed spreading. It doesn't seem to have made its way into the overtly criminal activity yet, or into the exploit packs, but it's a given that it will. Still no patch from Microsoft. If you are not running the professional version of AVG, the one with Indentity Protection, it'd be a good idea to upgrade at this point.

Cheers

Roger

Posted at 03:43 PM | Permalink

Comments

You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.