::Trend Micro Threat Resource Center::

07 July 2009

Microsoft Warns Of IE Vulnerability

Microsoft has issued a security advisory about a privately reported vulnerability in its Video ActiveX Control.

The company says that users running IE6 or IE7 on Windows XP and Windows Server 2003 are at risk of attack, while users of Windows Vista and Server 2008, and those running IE8, are not at risk.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft said in its advisory. "We are aware of attacks attempting to exploit the vulnerability."

Microsoft said it is working with its partners to give them information they can use to provide broader protections to customers. "Microsoft is currently working to develop a security update for Windows to address this vulnerability," the company said.

Microsoft is recommending that users remove support for the Video ActiveX Control until a fix is in place.

"When the ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code," the Redmond, Washington-based company said.

Attackers can exploit the vulnerability when Internet users visit websites containing malicious code. Unsuspecting users may receive emails asking them to visit malicious websites.

"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft said.