Executive Summary

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

CVSS Score: 9.0/10.0
Severity: CRITICAL

Affected Systems

  • Microsoft Windows

Detection & Mitigation

  • Apply vendor patches as soon as available
  • Monitor for indicators of compromise
  • Review vendor advisories for specific guidance

References