Microsoft warns of critical Internet Explorer/DirectShow flaw

In a security advisory published yesterday, Microsoft warns of a critical error in an ActiveX component for Internet Explorer. This DirectShow component provides video playback, recording and capture capabilities. The error allows attackers to inject malicious software (well – malware, let’s name it!) into the computer without any user intervention: visiting a hacked website is enough. We detect the exploiting JavaScript as “HTML/Shellcode.Gen”.

Microsoft also reports that this vulnerability is already being exploited on the Internet. There is no patch to close the security hole yet. However, the company provides a knowledge base article with a “FixIt for me” workaround. This installer can be distributed in company networks as well as on home computers, and it disables the execution of the faulty component within Internet Explorer. Make sure to run it if you use any flavour of Windows XP or Windows Server 2003!

Dirk Knop
Technical Editor