Microsoft Video ActiveX Control
A newly-found vulnerability in Microsoft Video ActiveX Controlcould result in an attacker gaining the same user rights as the local user when Internet Explorer supports this ActiveX control. In a Web-based attack scenario, an attacker could exploit this vulnerability via a properly-constructed Web page.
Blue Coat WebFilter systems have been updated to capture 100% of the known sites exploiting this vulnerability. Real-time detection mechanisms have also been added to WebPulse to automatically recognize and categorize newly-infected sites. A ProxySG policy to block sites categorized by WebFilter as “Spyware/Malware Sources” will protect WebFilter customers against this exploit.
The research staff at the Blue Coat Security Lab has been actively monitoring this exploit and making the necessary adjustments and updates to the WebFilter database and WebPulse infrastructure to protect Blue Coat customers. Multiple lists of infected sites with drive-by scripts to exploit this vulnerability in IE were published last week; however, Blue Coat's proactive research and monitoring of exploit trends via the WebPulse cloud community resulted in a large majority of these sites being categorized by Blue Coat as “Spyware/Malware Sources” before this exploit was even announced by Microsoft or publicized by the media.
July 14, 2009: Microsoft issued an update and public report to address this issue (including an available security update).
Microsoft Security Advisory (9728980): http://www.microsoft.com/technet/security/advisory/972890.mspx