Let the Celebration Come to an End

It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.

The exploit uses a specially crafted JavaScript file, along with a data file, to take advantage of a vulnerability in the IMPEG2TuneRequest DirectX object interface located in the Msvidctl.dll file. When a user visits a malicious website hosting these files, the vulnerability allows remote code execution and malicious files are downloaded.

Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by the attack.

Since a patch is not available at this time, please update your Symantec products to catch the exploit, as well as the malicious files downloaded by the attack. The exploit files are detected as Downloader.Fostrem (previously detected as Downloader). The downloaded files are detected as Trojan Horse, Backdoor.Trojan, Infostealer, and Downloader. The following IPS signatures have been updated to catch the exploit traffic as well:

22920 - HTTP Malicious Toolkit Download Request
23086 - HTTP Malicious Toolkit Variant Activity

The 4th of July weekend is almost over and it's back to business as usual. Let's start off by updating our protection against this new vulnerability.