/>
X
Business

Exploit published for Windows Media Encoder flaw

If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.
Written by Ryan Naraine, Contributor on
Exploit published for Windows Media Encoder flaw
If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.

Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.

The exploit, available at Milw0rm.com,   targets a critical flaw in the WMEX.DLL ActiveX control installed by the Windows Media Encoder 9 Series.  This ActiveX control is marked as Safe for Scripting and can be exploited view the Internet Explorer browser.

[ SEE: MS Patch Tuesday: 8 critical security holes patched ]

From Microsoft's bulletin:

  • The vulnerability could allow remote code execution if a user views a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The bulletin is rated "critical" on supported/affected editions of Microsoft Windows 2000, Windows XP and Windows Vista.   On Windows Server 2003 and Windows Server 2008, it carries a "moderate" severity rating.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

These file types are the ones most commonly used by hackers to hide their malware
getty-a-woman-looking-at-a-laptop-with-a-concerned-expression.jpg

These file types are the ones most commonly used by hackers to hide their malware

Don't waste your money on these Apple products: December 2022 edition
Waiting in line for the Apple Store

Don't waste your money on these Apple products: December 2022 edition