Tuesday, July 7, 2009

IE zero-day exploit on the Microsoft Video ActiveX Control

Microsoft is investigating a privately reported vulnerability in the Microsoft Video ActiveX Control. An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user, so accounts configured with fewer rights are less affected. When the control is reached through Internet Explorer, code execution is remote and may not require any user intervention beyond viewing a malicious web page (a drive-by download).

Many attacks have already been found in the wild attempting to exploit the vulnerability. Below is a list of exploit domains used by the attackers, provided by the SANS Internet Storm Center; it is still growing.

Users can prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually, by setting the kill bit on the control's class identifiers (CLSIDs) following the workaround instructions* in the advisory, or automatically, using the Fix it solution in Microsoft Knowledge Base Article 972890. Preventing the control from running in Internet Explorer has no impact on application compatibility. Note that the kill bit only stops IE from instantiating the control; the vulnerable code stays on the system, so the security update is still needed once it is released.
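
The kill-bit workaround is a registry change, so it can be generated and audited as a .reg file. The script below is an added example (not code from the original post or from Microsoft): it writes the kill-bit entries for a list of CLSIDs and checks an exported registry file for controls that are still enabled. The registry path and the 0x400 flag are the documented kill-bit mechanism; the CLSID in EXAMPLE_CLSIDS is an assumption for illustration, and the CLSID list in the advisory is the authoritative one.

```python
"""Generate and verify Internet Explorer kill-bit registry entries.

Added example; not code from the original post or from Microsoft. The registry
path and the 0x400 flag are the documented kill-bit mechanism. The CLSID in
EXAMPLE_CLSIDS is assumed for illustration: the advisory lists the full set of
class identifiers that must be disabled, and that list is authoritative.
"""
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE instantiating a control
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")

# Assumed CLSID for the Microsoft Video ActiveX Control (msvidctl.dll);
# check it, and the remaining CLSIDs, against the advisory before deploying.
EXAMPLE_CLSIDS = ["{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"]

CLSID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)


def kill_bit_reg(clsids):
    """Return .reg text that sets the kill bit on every CLSID in `clsids`.

    Import it with `regedit /s killbits.reg` (or `reg import`) as an
    administrator; the format matches what the advisory's workaround uses."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        if not CLSID_RE.match(clsid):
            raise ValueError(f"malformed CLSID: {clsid!r}")
        lines.append(f"[{COMPAT_KEY}\\{clsid.upper()}]")
        lines.append(f'"Compatibility Flags"=dword:{KILL_BIT:08x}')
        lines.append("")
    return "\r\n".join(lines)


def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags from an exported .reg file.

    Produce the export with
      reg export "HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility" out.reg
    and decode it as UTF-16 before passing the text in."""
    flags = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = None
            path = key.group(1)
            if path.lower().startswith(COMPAT_KEY.lower() + "\\"):
                cand = path[len(COMPAT_KEY) + 1:]
                if CLSID_RE.match(cand):
                    current = cand.upper()
            continue
        val = re.match(r'^"Compatibility Flags"=dword:([0-9a-f]{1,8})$', line, re.I)
        if val and current:
            flags[current] = int(val.group(1), 16)
    return flags


def unprotected(clsids, reg_text):
    """CLSIDs from `clsids` whose kill bit is NOT set in the exported text.

    Other bits in the flags value are left alone: 0x401 still counts as killed."""
    flags = parse_compat_flags(reg_text)
    return [c for c in clsids if not flags.get(c.upper(), 0) & KILL_BIT]


# Constructed export from a machine where the key exists but the bit is clear.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    f"[{COMPAT_KEY}\\{EXAMPLE_CLSIDS[0]}]\r\n"
    '"Compatibility Flags"=dword:00000000\r\n'
)

if __name__ == "__main__":
    print(kill_bit_reg(EXAMPLE_CLSIDS))
    print("still exposed:", unprotected(EXAMPLE_CLSIDS, SAMPLE_EXPORT))
```

Run `unprotected()` against an export taken after deploying the Fix it or the .reg file; any CLSID it returns is still instantiable from IE. Checking the bit rather than comparing the whole value matters because other compatibility flags may already be set on a control.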

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.

w01f's advice: use Firefox or Chrome instead.

* The workaround instructions are in Microsoft Security Advisory 972890.

List of exploit domains:
vip762.3322.org
3b3.org
www.27pay.com
www.hao-duo.com
dump.vicp.cc
64tianwang.com
webxue38.3322.org
556622.3322.org
jfg1.3322.org
df56y.3322.org
javazhu.3322.org
8dfgdsgh.3322.org
ceewe3w2.cn
js.tongji.linezing.com
h65uj.8866.org
45hrtt.8866.org
8oy4t.8866.org
www.mjbox.com
2wdqwdqw.cn
www.vbsjs.cn
cdew32dsw.cn
qvod.y2y2dfa.cn
kan31ni.cn
www.duiguide.us
gkiot.cn
www.carloon.cn
movie.wildmansai.com
www.7iai.cn
www.jazzhigh.com
www.netcode.com
6ik76.8866.org
76ith.8866.org
qd334t.8866.org
u5hjt.8866.org
vpsvip.com
x16ake8.6600.org
www.huimzhe.cn
www.hostts.cn
ucqh.6600.org
qitamove.kmip.net
news.85580000.com
guama.9966.org
dx123.9966.org
ds355.8866.org
dnf.17xj.cn
dasda11d.cn
d212dddw.cn
ckt5.cn
ccfsdee32.cn
aaa.6sys6.cn
9owe2211.cn
8man7.3322.org
6gerere3e.cn
66yttrre.cn
tongji520.com
www.google-cdma.com
443ggr.8800.org
caonimabi.r154q.cn
ckt4.cn
fdg5.cn
home.xzx6.cn
q23r.cn
wf3gr.8800.org
www.ddlse.cn
www.gamezv.com


Domains from which the exploit payload binaries were downloaded:
www.73yi.cn
w1.7777ee.com
w2.7777ee.com
w3.7777ee.com
w8.7777ee.com
w9.7777ee.com
milllk.com
haha999b.com
babi2009.com
haha888l.com
xin765.com


IP address hosting an exploit page:
110.165.41.103
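
The lists above are only useful if they are checked against traffic. The script below is an added example, not part of the original post: it matches squid proxy log lines against a subset of the domains and the IP address listed above (the full list would be read from a file in practice). The log lines are constructed for the example and are not real traffic. A hostname matches when it equals an indicator or is a subdomain of one, so `cdn.3b3.org` hits `3b3.org`, but `other.3322.org` does not hit `vip762.3322.org`, since `3322.org` is a dynamic-DNS provider rather than an indicator.

```python
"""Match proxy log entries against the exploit-domain list above.

Added example, not part of the original post. IOC_DOMAINS and IOC_IPS are a
subset of the domains and the IP address listed in the post (in practice the
full list would be read from a file); the log lines are constructed in squid's
native access.log format and are not real traffic.
"""
import ipaddress
from urllib.parse import urlsplit

IOC_DOMAINS = {
    "vip762.3322.org", "3b3.org", "www.27pay.com", "dump.vicp.cc",
    "www.vbsjs.cn", "qvod.y2y2dfa.cn", "www.google-cdma.com",
    "w1.7777ee.com", "haha999b.com",
}
IOC_IPS = {"110.165.41.103"}


def host_from_url(url):
    """Host part of a proxy URL field; CONNECT requests log it as host:port."""
    if "://" not in url:
        url = "//" + url          # let urlsplit treat host:port as a netloc
    host = urlsplit(url).hostname  # lower-cased, port removed
    return host.rstrip(".") if host else None


def matches_ioc(host):
    """Return the indicator `host` hits, or None.

    A hostname hits when it equals an indicator or is a subdomain of one:
    cdn.3b3.org hits 3b3.org, but other.3322.org does not hit vip762.3322.org,
    since 3322.org itself is a dynamic-DNS provider rather than an indicator."""
    if not host:
        return None
    try:
        if str(ipaddress.ip_address(host)) in IOC_IPS:
            return host
        return None               # an IP literal only matches the IP list
    except ValueError:
        pass
    labels = host.split(".")
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if cand in IOC_DOMAINS:
            return cand
    return None


def scan_squid_log(lines):
    """Return (client, url, indicator) for every line that touches an IOC.

    Squid native format, space separated:
      time elapsed client action/code bytes method URL ident hier/peer type
    A hit on the URL host is preferred; failing that, the peer IP is checked,
    which catches a fresh domain that resolves to an already-known server."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 9:
            continue
        client, url, peer = fields[2], fields[6], fields[8]
        ioc = matches_ioc(host_from_url(url))
        if ioc is None:
            ioc = matches_ioc(peer.split("/", 1)[-1])
        if ioc:
            hits.append((client, url, ioc))
    return hits


SAMPLE_LOG = [  # constructed entries, not real traffic
    "1246966800.101 120 10.0.0.5 TCP_MISS/200 8123 GET http://www.vbsjs.cn/index.html - DIRECT/110.165.41.103 text/html",
    "1246966802.223 30 10.0.0.5 TCP_MISS/200 2048 GET http://w1.7777ee.com/x.exe - DIRECT/110.165.41.103 application/octet-stream",
    "1246966810.500 15 10.0.0.7 TCP_HIT/200 512 GET http://www.example.com/ - NONE/- text/html",
    "1246966812.000 90 10.0.0.9 TCP_MISS/200 700 GET http://other.3322.org/ - DIRECT/203.0.113.10 text/html",
    "1246966815.000 60 10.0.0.9 TCP_MISS/200 1024 GET http://cdn.3b3.org/s.js - DIRECT/203.0.113.11 application/javascript",
    "1246966820.000 60 10.0.0.11 TCP_MISS/200 1024 GET http://mirror.invalid/a.html - DIRECT/110.165.41.103 text/html",
    "1246966825.000 200 10.0.0.11 TCP_TUNNEL/200 4096 CONNECT haha999b.com:443 - DIRECT/198.51.100.5 -",
]

if __name__ == "__main__":
    for client, url, ioc in scan_squid_log(SAMPLE_LOG):
        print(f"{client} -> {url}  (matched {ioc})")
```

The peer-IP check is what makes the short IP list worth keeping: the `mirror.invalid` line hits nothing in the domain list, but its direct connection to 110.165.41.103 still flags the client. Clients that appear in the hits are the machines to pull for malware triage, since the post notes that merely rendering the page in IE is enough to be compromised.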

Related sites:
- Microsoft Security Advisory (972890)

2 comments:

faso1983 said...

How does this exploit affect my web site?

w01f said...

It is an exploit against the IE browser. It doesn't attack your web server or website.

Users using IE who visit a website that contains the exploit code will be compromised.