Microsoft Video ActiveX Control Vulnerability (TA09-187A)
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/JVNTR-2009-16.html
JVNRSS based Status Tracking Notes: An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks.
JVNRSS Feasibility Study Team
jvn@jvn.jp
JVNTR-2009-16
2009-07-26T02:41+00:00 2009-07-07T21:30+00:00 2009-07-26T02:41+00:00

AlertCon (2) => (1)
https://webapp.iss.net/gtoc/index.html
IBM Internet Security Systems
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-21T06:00+09:00

Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/972890.mspx?jvntrev=1
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue.
Microsoft
Microsoft Security Advisory (972890)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
2009-07-14T12:16-07:00

* INFOCON Status - staying green
http://isc.sans.org/diary.html?storyid=6745
There is adequate coverage in the security software community (IDS detection, AV detection, etc.) and Microsoft has a bulletin available we decided to stay GREEN.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-07T14:55+00:00

An Artemis View of Zero-Day Attacks
http://www.avertlabs.com/research/blog/index.php/2009/07/07/an-artemis-view-of-0-day-attack/
Computer Security Research - McAfee Avert Labs Blog
In China, a new sample variant was queried by Artemis more than 180 times at more than 70 unique IP addresses (ISP, not end point) over a 24-hour period.
McAfee
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-07T03:05-06:00

IE 0day exploit domains (constantly updated)
http://isc.sans.org/diary.html?storyid=6739
This diary entry contains a list of domains that are exploiting the new IE-0day as well as secondary domains that are hosting potentially malicious binaries utilized in these attacks. This list has been produced as a combined effort of researchers, vendors, and volunteers.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-07T02:33+00:00

Zero-day MPEG2TuneRequest Exploit Leads to KILLAV
http://blog.trendmicro.com/zero-day-microsoft-directshow-mpeg2tunerequest-exploit-leads-to-killav-malware/
TrendLabs | Malware Blog - by Trend Micro
Trend Micro
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T17:36-07:00

ThreatCON (2) => (2)
https://tms.symantec.com/
On July 2, 2009, Symantec became aware of a previously unknown vulnerability affecting Microsoft Windows. This issue is being exploited in the wild in limited attacks. On July 6, 2009, Microsoft published a security advisory discussing the issue.
Symantec
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T21:29+00:00

Microsoft Video ActiveX Control Vulnerability
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
Via US-CERT Mailing List
US-CERT
TA09-187A
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T17:14-04:00

0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks (Version: 2)
http://isc.sans.org/diary.html?storyid=6733
A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T19:07+00:00

Microsoft Releases Security Advisory 972890
http://www.us-cert.gov/current/archive/2009/07/06/archive.html#microsoft_directshow_vulnerability
US-CERT Current Activity
Microsoft has released Security Advisory 972890 to alert users about a vulnerability in Microsoft Video ActiveX Control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The advisory also indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.
US-CERT
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T13:57-04:00

AlertCon (1) => (2)
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp
The IBM Internet Security Systems threat level has been raised to AlertCon 2 in response to the Microsoft DirectShow vulnerability currently being exploited in the wild.
IBM Internet Security Systems
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T17:55+00:00

Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/972890.mspx
Advisory published.
Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
Microsoft
Microsoft Security Advisory (972890)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06T10:51-07:00

Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities
http://www.iss.net/threats/329.html
Buffer overflow vulnerability (CVE-2008-0015)
Memory corruption vulnerability (CVE-2008-0020)
Multiple vulnerabilities were discovered in the Microsoft Video Controller ActiveX Library, MSVidCtl, which can result in reliable remote code execution.
IBM Internet Security Systems
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0020
http://xforce.iss.net/xforce/xfdb/40693
2009-07-06

Exploit-MSDirectShow.b
http://vil.nai.com/vil/content/v_175176.htm
McAfee
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06

JS_DLOADER.BD
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DLOADER.BD
Exploiting Buffer overflow vulnerability (CVE-2008-0015)
Trend Micro
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-06

Downloader.Fostrem
http://www.symantec.com/avcenter/venc/data/downloader.fostrem.html
Exploiting Buffer overflow vulnerability (CVE-2008-0015)
Symantec
http://www.us-cert.gov/cas/techalerts/TA09-187A.html
http://www.microsoft.com/technet/security/advisory/972890.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
2009-07-05