Microsoft has warned of a vulnerability in its Video ActiveX Control that affects Windows XP and Windows Server 2003. The software giant said there have been limited attacks exploiting the vulnerability.
The flaw could be exploited by a visit to a malicious Web site and allow an attacker to take control of a PC. Microsoft said it is working on a security update, and meantime advised that users prevent Microsoft Video ActiveX Control from running in Internet Explorer.
The steps to stop the control in IE are a bit complex, but Microsoft offers a "Fix it for me" option at http://support.microsoft.com/kb/972890.
Microsoft also recommends users of Windows Vista and Windows Server 2008 take these steps.
The Microsoft Video ActiveX Control connects DirectShow filters for video and is used in Windows Media Center. When the control runs in Internet Explorer, it can corrupt the system so that an attacker can run arbitrary code.
Security vendor Symantec said the vulnerability affects IE6 and IE7, but not IE8.