Microsoft released a security advisory this week about a dangerous vulnerability in the Microsoft Video ActiveX Control (msvidctl.dll), which is used for streaming video. According to the advisory, an attacker who exploits the vulnerability could gain the same rights to an attacked PC as the local user. The code execution takes place remotely in Internet Explorer, and doesn’t require any user intervention. In other words, it’s a “drive-by” attack that injects a Trojan downloader into the victim’s PC. In the advisory, Microsoft said they would release a patch, and provide an automated tool for disabling the ActiveX control. Disabling the ActiveX control manually is a difficult process and requires re-setting several kill bits in the registry. The “FixIt” automated tool is now available here.

This dangerous exploit holds tremendous potential to cause damage on the same scale as Conficker, or perhaps even more. Conficker took advantage of a bug that had already been patched, and captured millions of PCs to create a huge botnet. The exploit is already widely published on several Chinese web sites, and could cause tremendous damage by the time the patch is created and sent through Microsoft’s regular update mechanism.

The ActiveX control can be accessed using Internet Explorer. Several security companies have reported detecting compromised sites that use the exploit.

Systems running Vista or Windows Server 2008 are not vulnerable to the attack, since the ability to pass data within IE in those systems is restricted. Users running running IE8, Firefox, or Chrome, are also not vulnerable to the attack. Users still running Windows XP, or Windows Server 2003, are vulnerable if using IE6 or IE7.