Symantec Blogs: Security Response

Joji Hamada | July 5th, 2009

It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due to a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.

The exploit uses a specially crafted JavaScript file, along with a data file, to take advantage of a vulnerability in the IMPEG2TuneRequest DirectX object interface located in the Msvidctl.dll file. When a user visits a malicious website hosting these files, the vulnerability allows remote code execution and malicious files are downloaded.

Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by the attack....

Joji Hamada | December 1st, 2007

On November 25, we blogged about a proof of concept exploit code for Apple's QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability being disclosed to the public. Now a week has passed and Symantec's DeepSight honeynet has spotted at least one active exploitation in the wild.

Originally, the flaw was disclosed on November 23, 2007 by Polish security researcher Krystian Kloskowski and since then we have seen a number of exploits targeting the vulnerability being released to the public. But now the exploit is active and in the wild, meaning web surfers are in danger of being attacked. Our current analysis is also leading us to believe that there may be multiple attacks in existence. Further investigation is currently under way to confirm this....

Joji Hamada | April 6th, 2007

In Japan, April is the first month of the fiscal year and is also the time of year when large numbers of high school and college graduates join the workforce. These new hires usually go through intense training in the first few months at their respective companies before being assigned to their new posts. Well, these companies had better plan to quickly take them through a crash course on security in addition to the normal training, because there is a new targeted attack that takes advantage of a zero-day vulnerability in Justsystem's Ichitaro, the word processing program most widely used in Japan.

The attack – a specially crafted Justsystem Ichitaro document employing the zero-day exploit, which Symantec detects as Trojan.Tarodrop.C – allows a Trojan horse to be dropped onto the target computer. The dropped Trojan horse then takes over and drops a downloader Trojan...

Joji Hamada | October 9th, 2006

Recently, we have seen a trend in Trojan horse programs exploiting popular desktop applications. The applications that have been exploited have included Microsoft Word, Excel, PowerPoint, and JustSystem's Ichitaro. Now, we have uncovered a Trojan horse exploiting a vulnerability in WinRAR, software which may not be quite as well known as those examples I have just mentioned.

Symantec Security Response has confirmed that Trojan.Radropper exploits the RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability. This vulnerability was first made public in July of this year and has subsequently been fixed. The current version of WinRAR (version 3.61) does not contain this vulnerability.

The attack was email based and was executed when an email with a RAR archive...